Wan­nacry hack­ers ‘were Chi­nese speak­ing’

Computer Active (UK) - - News -

Chi­nese hack­ers were be­hind the Wan­nacry ran­somware at­tack that crip­pled tens of thou­sands of com­put­ers around the world in May, new ev­i­dence sug­gests.

Af­ter ex­am­in­ing the ran­som mes­sage dis­played by Wan­nacry, re­searchers at US se­cu­rity com­pany Flash­point found that the gram­mar and punc­tu­a­tion in the Chi­nese ver­sions in­di­cated the writer was “na­tive or at least flu­ent” in the lan­guage.

They claim with “high con­fi­dence” that the lan­guage “is con­sis­tent with that of South­ern China, Hong Kong, Tai­wan or Sin­ga­pore”.

The ran­som note was dis­played in 28 dif­fer­ent lan­guages, in­clud­ing French, Ger­man and Rus­sian. But Flash­point says only the ver­sions in Chi­nese and English were writ­ten by hu­mans, with the oth­ers show­ing gram­mat­i­cal and punc­tu­a­tion er­rors indi­cat­ing they had been trans­lated us­ing Google Trans­late.

Flash­point says the rea­son the hack­ers are more likely to be Chi­nese than English is that the English ver­sion con­tains the un­gram­mat­i­cal sen­tence, “But you have not so enough time”.

Some ex­perts had pre­vi­ously thought the hack­ers be­longed to the North Korean Lazarus Group due to sim­i­lar­i­ties be­tween Wan­nacry’s code and ear­lier at­tacks at­trib­uted to them. But Flash­point’s analysis (avail­able at www.snipca.com/24570) re­vealed that the Kore­an­lan­guage ran­som note was a poorly trans­lated ver­sion of the English text.

Wan­nacry in­fected more than 200,000 com­put­ers in 150 coun­tries, tak­ing down thou­sands of NHS ma­chines in the UK. The at­tack is be­ing in­ves­ti­gated by the UK’S Na­tional Crime Agency, Europol and the FBI.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.