The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.
The WannaCry hackers have demanded ransoms from users, starting at $300 to end the cyber attack, or they threatened to destroy all data on infected computers.
The researchers said it was too early to confirm that Pyongyang was behind the cyberattacks.
A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. "The group has been very active since 2011", said Kapersky in the blog. Rates for the United States, Japan, Germany and Britain range from 18 to 22 percent.
WannaCry crippled computers running older versions of Microsoft Windows in about 150 countries.
So far 11 South Korean companies have been affected by WannaCry, Seoul's Yonhap news agency said, citing data from the state-run Korea Internet and Security Agency.
There are other surprises, that suggest this is not an ordinary ransomware attack.
The official China Daily newspaper, citing Chinese tech firm Qihoo 360, said that at least 200,000 computers had been affected in China, with schools and colleges particularly hard-hit. Taiwan's education ministry has warned institutions to protect their information and not to download software from unknown sources. Then they wiped computers.
Trump reportedly reveals highly classified information during meeting with Russians
Bob Corker, R-Tenn., the chairman of the Foreign Relations Committee, said of the Trump administration. The White House declared the allegations, first reported by the Washington Post , incorrect.
Both firms said researchers would need to look at other early versions of WannaCry. It was not clear whether the files had been recovered.
Dave Lee, a technology reporter at BBC News, said Tuesday China was among the countries worst hit and that it's unlikely North Korea would want to target its ally.
Kaspersky Labs, a cybersecurity firm based in Moscow, said Google researcher Neel Mehta first disclosed the similarity in the code from the WannaCry virus and a virus directed by the cybercrime network called the Lazarus Group in February 2015.
It matches code used in a 2016 hack of worldwide banks and mirrors methods used in the 2014 Sony hack - both hacks have since been linked to North Korea-run Lazarus Group.
The virus encrypts a computer's files and will only decrypt them in return for a payment, typically via Bitcoin, an online currency.
Choi also cited an accidental communication he had past year with a hacker traced to a North Korean internet address who admitted development of ransomware.
Security researchers on Monday reported signs of a potential North Korea link to the massive cyberattack campaign that sparked havoc in computer systems worldwide and opened fresh political rifts between Russian Federation and the United States. While Choi's speculation may deepen suspicions that the nuclear-armed state is responsible, the evidence is still far from conclusive. Authorities are working to catch the extortionists behind the global cyberattack, searching for digital clues and following the money.
"According to Kaspersky Lab researchers, the similarity of course could be a false flag operation", the firm said in a statement. Some high-profile attacks between 2009 and 2013 shut down government websites, banking systems and paralyzed broadcasters.
South Korea's presidential Blue House office said nine cases of ransomware were found in the country, but did not provide details on where the cyber attacks were discovered.