Cyber security researchers on Monday found possible North Korea links to the massive WannaCry “ransomware” cyber attacks that first started on May 12. Two security companies found evidence connecting the specific ransomware to North Korean cybergang Lazarus Group, The Guardian reported.

Google researcher Neel Mehta had also published data on Twitter linking the isolated nation to the extortion campaigns that have affected at least three lakh computers in 150 countries.

The two security companies, Symantec and Kaspersky Lab, said the WannaCry software contained code that had been identified in the programmes used by the Lazarus group. “This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky Lab researcher Kurt Baumgartner told Reuters.

Unidentified officials from the United States and Europe told Reuters that it was too early to confirm who was responsible for the attacks, but said that North Korea was on their list of suspects. “The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” cyber security firm FireEye’s researcher John Miller said.

Kaspersky Lab said, “This level of sophistication is something that is not generally found in the cybercriminal world. It’s something that requires strict organization and control at all stages of operation. That’s why we think that Lazarus is not just another advanced persistent threat actor”.

Security experts have warned that India’s banking system could be vulnerable to the attacks.

On Monday, the Indian government had warned users against opening unsolicited emails. The WannaCry virus encrypts the computer’s hard disk drive and then spreads the bug across systems in the same local area network. It also spreads through malicious attachments to emails.

The major cyber attack had targeted several nations, bringing operations at hospitals, telecommunications firms and other companies to a halt. CERT has suggested applying patches to users’ Windows systems to prevent the bug from spreading. The ransomware also “drops a file named ‘!Please Read Me!.txt’ that contains the text explaining what has happened [to the computer] and how to pay the ransom”. Microsoft systems seem to be vulnerable to the attacks.