New linguistic analysis emerged from US intelligence company Flashpoint last Friday that points to a native Chinese speaker (or a group of them) as being responsible for the global ransomware attack that hit more than 100,000 organisations in 150 countries earlier this month.
Flashpoint’s report examined ransom notes from WannaCry in 28 languages. The company said, given the style and accuracy of the Chinese notes as well as their lengthier formats, it has “moderate confidence” that a native Chinese speaker was the author.
It also suggested that while the English notes were written more accurately than it would otherwise have been if it were machine translated, a “glaring” grammatical error — “But you have not so enough time” — indicates the author, though familiar with the English language, is “non-native or perhaps poorly educated.”
Ransom notes in other languages were found to be translated from English using Google Translate. When Google translated versions of the English note were compared to those in other languages, they were discovered to be 96 to 100 percent identical.
The attacks have previously been thought to have come from North Korea, thanks to findings from Google security researcher Neel Mehta. Mehta discovered computer code found in an early version of the WannaCry malware that was identical to code used by the Lazarus Group, a hacking group linked to the government of North Korea.