Posted on May 31, 2017 at 5:07 PM
The famous ransomware that recently managed to hit and affect up to 150 countries, WannaCry, was suspected to have come from North Korea almost from the moment the attack has started. Now, however, researchers believe that the hacker or hackers that pulled it of might be Chinese-speakers.
The theory was born after the Flashpoint’s researchers discovered evidence that suggests that the certain note was translated to Korean from another, original language. After some further research and investigation. it was discovered that the language used was Chinese. Which means that the person or persons who created and dispatched WannaCry were Chinese speakers.
Their researchers even stated that they can narrow it down to the areas of Southern China, Taiwan, Hong Kong, or Singapore.
The message demanding ransom was analyzed, and it appeared in 28 different languages throughout the world during the attack. As you probably remember, it demanded payment of $300. After analyzing the messages, researchers discovered that only the English and Chinese versions seem to be written by a person, while the others were obviously translated from English.
It’s even suspected that the program in question was Google Translate, and only the Chinese and English version have the quality of a note written by a human.
And not only that, but the researchers also say that only the Chinese message seems to be written by a native, which leads to the assumption that the writer of the note is of Chinese origin.
The difference in the Chinese notes can be felt in many aspects, including format, content, tone, and alike. Also, the notes in Chinese have all of the same content found in other versions and more. All of these details suggest that the author or authors of the note were very fluent in Chinese, and probably only in Chinese. Also, that Chinese is the language in which the original note was written.
For a long time now, it was believed that North Korean Lazarus Group was responsible for launching the attack. This group was connected with the attack on Sony Pictures Entertainment that occurred back in 2014, and also with the attack on Bangladesh central bank. During this last attack, $81 million was stolen by the perpetrators.
The reason why the researchers believe that the writer of these notes is a Chinese speaker, rather than an English speaker, is the major grammatical error found in the note. That lead to the conclusion that the writers of the note aren’t English speakers. Instead, the note was written in Chinese, translated manually to English, and then translated from English to other languages via Google Translate.
WannaCry notes were also compared with the ones that were used in earlier ransomware attacks, as well as programs, but no major links were found.