However, ii weeks agone researchers at Google, Kaspersky Lab, Intezer together with Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacking grouping believed to function for the North Korean government.
Now, novel question from nighttime spider web tidings describe of piece of job solid Flashpoint indicates the perpetrators may locomote Chinese, based on its ain linguistic analysis.
Flashpoint researchers Jon Condra together with John Costello analyzed each of WannaCry's localized ransom notes, which is available inwards 28 languages, for content, accuracy, together with style, together with discovered that all the notes, except English linguistic communication together with Chinese versions (Simplified together with Traditional), had been translated via Google Translate.
According to the research, Chinese together with English linguistic communication versions of the ransomware notes were most probable written past times a human.
On farther analysis, researchers discovered that the English linguistic communication ransom greenback contains a "glaring" grammatical error, which suggests the ransomware author may locomote a non-native English linguistic communication speaker.
“Though the English linguistic communication greenback appears to locomote written past times person alongside a potent ascendance of English, a glaring grammatical fault inwards the greenback advise the speaker is non-native or possibly poorly educated.”
And since Google Translate does non function practiced at translating Chinese to English linguistic communication together with English linguistic communication to Chinese, together with oft produces inaccurate results, the English linguistic communication version could locomote written for translating the ransom greenback into other languages.
“Comparisons betwixt the Google translated versions of the English linguistic communication ransomware greenback to the corresponding WannaCry ransom greenback yielded nearly identical results, producing a 96% or to a higher house match.”
According to the Flashpoint report, the Chinese ransom notes incorporate "substantial content non acquaint inwards whatsoever other version of the note," together with they are longer than together with formatted differently from the English linguistic communication one.
The Chinese ransom notes likewise role proper grammar, punctuation, syntax, together with graphic symbol selection – indicating that the ransomware author is fluent inwards the Chinese language.
"A typo inwards the note, bang zu (幫組) instead of bang zhu (幫助), which agency ‘help,' strongly indicates the greenback was written using a Chinese-language input scheme rather than existence translated from a dissimilar version," the researchers explain.
"The text uses for certain damage that farther narrow downwards a geographic location. One term, libai ( 禮拜 ) for ‘week,’ is to a greater extent than mutual inwards southern China, Hong Kong, Taiwan, together with Singapore...The other “杀毒软件” for “anti-virus” is to a greater extent than mutual inwards the Chinese mainland."
All these clues made Flashpoint researchers into believing alongside high confidence that the unknown author or authors of WannaCry ransomware are fluent Chinese speaker together with that the Chinese are the source of the English linguistic communication version of the ransom note.
However, Flashpoint researchers say it's difficult to speculate the nationality of the WannaCry hackers every bit they may locomote affiliated to whatsoever Asian (China, Hong Kong, Taiwan, or Singapore).
WannaCry epidemic hitting to a greater extent than than 300,000 PCs inwards to a greater extent than than 150 countries inside only 72 hours, using self-spreading capabilities to infect vulnerable Windows PCs, peculiarly those using older versions of the operating system.
While most of the affected organisations convey at i time returned to normal, police pull enforcement agencies across the the world are on the hunt.
