Wannacry hackers ‘were Chinese speaking’
Chinese hackers were behind the Wannacry ransomware attack that crippled tens of thousands of computers around the world in May, new evidence suggests.
After examining the ransom message displayed by Wannacry, researchers at US security company Flashpoint found that the grammar and punctuation in the Chinese versions indicated the writer was “native or at least fluent” in the language.
They claim with “high confidence” that the language “is consistent with that of Southern China, Hong Kong, Taiwan or Singapore”.
The ransom note was displayed in 28 different languages, including French, German and Russian. But Flashpoint says only the versions in Chinese and English were written by humans, with the others showing grammatical and punctuation errors indicating they had been translated using Google Translate.
Flashpoint says the reason the hackers are more likely to be Chinese than English is that the English version contains the ungrammatical sentence, “But you have not so enough time”.
Some experts had previously thought the hackers belonged to the North Korean Lazarus Group due to similarities between Wannacry’s code and earlier attacks attributed to them. But Flashpoint’s analysis (available at www.snipca.com/24570) revealed that the Koreanlanguage ransom note was a poorly translated version of the English text.
Wannacry infected more than 200,000 computers in 150 countries, taking down thousands of NHS machines in the UK. The attack is being investigated by the UK’S National Crime Agency, Europol and the FBI.