A hacking group linked to North Korea is thought to be behind the cyber attack that wreaked havoc across the globe, according to security experts.

Analysts from security firms Symantec and Kaspersky revealed that they are looking into technical clues suggesting the Lazarus Group created the virus.

The ransomware - which encrypts victims' files then demands a fee to unlock them - left Britain's health service crippled as computer systems and phone lines across the country shut down on Friday.

The NHS is still struggling to get back on its feet following the attack, which means patients could have to wait a month or more to see a doctor after countless operations and appointments were cancelled.

The global cyber attack brought the NHS to its knees on Friday and over the weekend

More cyber attacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, South Korean cybersecurity experts warned Tuesday as fingers pointed at the North.

More than 200,000 computers in 150 countries were hit by the ransomware attack, described as the largest ever of its kind, over the weekend.

Since Friday, banks, hospitals and state agencies have been among the victims of hackers exploiting vulnerabilities in older versions of Microsoft computer operating systems and demanding payment in the virtual currency Bitcoin.

The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures in 2014 and the central bank of Bangladesh, said Simon Choi, director of Seoul internet security firm Hauri.

Choi, known to have vast troves of data on Pyongyang's hacking activities, has publicly warned against potential ransomware attacks by the North since last year.

'I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,' he said.

He cited a major attack last year that stole the data of over 10 million users of Interpark, a Seoul-based online shopping site, in which hackers demanded bitcoin payments worth about $3 million.

Seoul police blamed the North's main intelligence agency for the attack.

More attacks were possible, Choi said, 'especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it'.

The Lazarus Group has repeatedly been linked to North Korea. Pictured is the country's leader Kim Jong-Un

Cyber criminals have hit more than 225,000 victims in 150 countries (pictured) in the biggest hack ever launched - with the NHS one of the hardest hit organisations

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries

Security researchers in the US, Russia and Israel have also reported signs of a potential North Korean link to the latest cyberattack, although there is no conclusive evidence yet.

Google researcher Neel Mehta posted details showing similarities between the 'WannaCry' malware and computer code used by the Lazarus hacking group, widely believed to be connected to Pyongyang.

The isolated, nuclear-armed state is known to operate an army of thousands of hackers operating in both the North, and apparently China, and has been blamed for a number of major cyberattacks.

In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in US corporate history, linked to its release of North Korea satire 'The Interview', hated by Pyongyang.

Washington blamed Pyongyang for the hacking, a claim it denied - though it had strongly condemned the film, which features a fictional CIA plot to assassinate leader Kim Jong-Un.

North Korea stepping up cyber attacks to earn foreign currency The North appears to have stepped up cyber attacks in recent years in a bid to earn hard foreign currency in the face of United Nations sanctions imposed over its nuclear and missile programmes, Choi said. He claimed to have last year tracked down an elite North Korean hacker who boasted online that the country was conducting tests for ransomware attacks. On an online messenger system, Choi said: 'He said he and his colleagues were running tests for ransomware attacks.' The hacker was believed to be from the North's elite Kim Chaek University of Technology in Pyongyang and suspected of launching multiple cyber-attacks on North Korean defector organisations in Seoul, Choi said. His IP address and other digital traces pointed to the North, he added. So far 11 South Korean companies have been affected by WannaCry, Seoul's Yonhap news agency said, citing data from the state-run Korea Internet and Security Agency. The malware blocks computers and puts up images on victims' screens demanding payment of $300 in the virtual currency Bitcoin, saying: 'Ooops, your files have been encrypted!' Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the message. The malware uses a hacking tool known as EternalBlue, which was published last month by an anonymous hacking group called Shadow Brokers, saying it had been obtained from the US National Security Agency. A professor of Korea University Graduate School of Information Security Lim Jong-In said: 'When the leak was published, I thought the North would never miss a chance like this. 'I'm afraid that there may be more attacks down the road using the rest of the tools leaked in April.' Advertisement

Symantec and Kaspersky said code in an earlier version of the WannaCry ransomware had also appeared in other malicious software created by those hackers.

The Lazarus Group has already been blamed for a string of hacks dating back to at least 2009, including last year's $81 million heist from Bangladesh's central bank.

The group was also thought to have been behind the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organizations in South Korea.

Researchers from Kaspersky said: 'We believe this might hold the key to solve some of the mysteries around this attack.

'We believe it's important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of Wannacry.

'Looking back to the Bangladesh attack, in the early days, there were very few facts linking them to the Lazarus group.

'In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research can be crucial to connecting the dots.'

The North Korean mission to the United Nations was not immediately available for comment.

The ransomware hit computers around the globe including in Germany where the rail network was infected

The virus infection resulted in a ransom message appearing on screens across the German rail network creating 'massive disturbances'

During the chaos in Britain over the weekend countless operations were cancelled and patients were turned away as 45 NHS organisations and trusts and hundreds of GP surgeries were locked out of their computer systems.

NHS staff pleaded with patients to stay away from A&E except in an emergency, and ambulances were diverted away from hospitals struggling to cope, with medics facing a weekend of chaos.

Meanwhile Russia was believed to be the worst affected country with computers in its interior ministry hit and its second largest phone network - Megafon - also targeted.

British computer security expert Marcus Hutchins, 22, discovered the WannaCry super-virus had a 'kill switch' and stopped it infecting 100,000 more PCs worldwide over the weekend

Analysis by Elliptic, which has been tracking the Bitcoin accounts linked to the virus, revealed the hackers have been paid around $54,000 (£40,200) in ransom money since Friday.

Ticketing machines and computers at German railway stations have also been affected alongside Spanish companies including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural. Shipping company FedEx also confirmed it was hit by the attack.

Analysis by Elliptic, who have been tracking the Bitcoin accounts linked to the virus, revealed the hackers have been paid around $54,000 (£41,795) in ransom money since Friday.

British computer security expert Marcus Hutchins, 22, became a hero when he discovered the WannaCry super-virus had a 'kill switch' and stopped it infecting 100,000 more PCs worldwide over the weekend.

Microsoft blames NSA 'for failing to warn them that Windows was vulnerable' Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government. Brad Smith criticised U.S. intelligence agencies, including the CIA and National Security Agency, for 'stockpiling' software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's 'ransomware' attacks used a vulnerability that was exposed in NSA documents leaked online. In a post on Microsoft's blog, Smith says: 'An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.' Advertisement

Now the cyber criminals, who hit more than 225,000 victims in 150 countries in the biggest hack ever launched, have re-written their malware to remove the flaw discovered by Mr Hutchins.

Britain's FBI - the National Crime Agency (NCA) - said people must be prepared for a 'second surge' of malware - but it is yet to happen on the scale seen on Friday.

Rob Holmes, an expert from cyber security company Proofpoint, told the BBC: 'We're already starting to see new versions of the ransomware without the master kill switch'.

Earlier, Russian President Vladimir Putin blamed US intelligence services for a 'ransomware' attack that has wrecked havoc around the globe.

Putin said intelligence services should beware of creating software that can later be used for malicious means.

'As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States,' Putin said on Monday.

'Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators,' he told reporters in Beijing.

Putin claimed there was no significant damage to Russian institutions, including its banking and healthcare systems, from the computer worm.

Police at Southport Hospital following the NHS cyber attack on Friday where ambulances were diverted to other hospitals

'But as a whole it is worrying, there's nothing good about it, it is a source of concern,' he said.

'So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena.'

The Russian leader that the Kremlin was not behind the attack.

In the US, the FBI and National Security Agency were trying to identify the perpetrators behind the massive cyber attack.

Mother's praise for staff who defied cyber attack to deliver her twins A mother who gave birth to twin girls in the midst of the ransomware cyber attack has praised staff who cared for her. Cheryl McNulty had a high risk pregnancy as she had a condition called placenta praevia, and her babies had to be delivered several weeks early on Saturday morning. They were born in the early hours at 3.12am and 3.13am at an NHS Lanarkshire hospital. The health board was one of dozens around the UK affected by the unprecedented cyber attack which hit scores of countries on Friday. Cheryl McNulty, right, is pictured with her partner Scott and their twin babies who were born in the midst of the cyber attack with the help of midwife Alison Stark, pictured centre Ms McNulty said:'If they hadn't explained to me about the cyber attack, I wouldn't have been aware that there were any issues. 'The only thing I noticed was that everything was done on paper rather than a computer. 'From my point of view, it didn't have any impact on my patient experience at all. 'I couldn't say a bad word about the care that I received. It was such a positive experience.' Ms McNulty and her partner Scott Wright are now choosing names for their daughters, who were born by caesarean section when Ms McNulty was 34 weeks and six days pregnant. The couple, from Bellshill in North Lanarkshire, hope to be able to go home as a family soon. Advertisement

The revelations come just one day after Kim Jong-Un fired a ballistic missile 500 miles into the Sea of Japan in the latest show of force amid tensions with the US.

The launch took place in the Kusong region located northwest of the capital, Pyongyang, where the North previously test-launched an intermediate-range missile it is believed to be developing.

The missile is thought to have landed in water 60 miles south of Russia's Vladivostok region, home of the Russian Pacific Fleet - although the Russian defense ministry said it had landed 310 miles off the coast.

The launch took place in the Kusong region located northwest of the capital, Pyongyang. A US official said the missile landed in water 60 miles south of Russia's Vladivostok region

A South Korean man watches a television displaying news broadcasts reporting on North Korea's recent ballistic missile launch, at a station in Seoul, South Korea on May 14 May

The projectile was launched at around 5.30am, according to South Korea's Joint Chief of Staff.

'The South and US are analyzing more details about the missile,' it said in a statement without elaborating.

US Pacific Command says the flight was not consistent with an intercontinental ballistic missile.

Kim Jong-Un is pictured visiting a tools and utensils exhibition in this photo released by North Korea's Korean Central News Agency (KCNA) on May 13

Ballistic missiles are displayed during a military parade in Pyongyang in this April 15 picture

Japan's defense minister Tomomi Inada told reporters there is a possibility that it was a new type of ballistic missile, saying it flew Sunday for about 30 minutes and at an altitude exceeding 1,240 miles. She says more analysis was needed.

Japanese officials said the missile landed in the Sea of Japan but outside the country's exclusive economic zone.

Kim Dong-yub, an expert at Kyungnam University's Institute of Far Eastern Studies in Seoul, said he estimated a standard trajectory firing would give it a range of 3,700 miles, meaning it would be capable of reaching Hawaii.

The launch is the first in two weeks since the last attempt ended in a failure just minutes into flight.