Researchers Find Link Between WannaCry Ransomware and China

Security researchers at Flashpoint have revealed a linguistic analysis of the ransom notes delivered to tens of thousands of WannaCry’s victims around the world.

While a portion of the cybersecurity community has linked the sweeping global WannaCry attack on May 12 to a North Korean hacker group Lazarus, a recent analysis by Flashpoint researchers dug further.

The unprecedented ransomware campaign struck over 100 countries around the world, with ransom notes delivered to victims in 28 different languages. However, researchers soon deduced that nearly all of the ransom notes, except the English version and the Chinese versions (Simplified and Traditional), were machine-translated via Google Translate. So, only two broad languages were written by a human. The rest, researchers summed up, were Google-translated versions of the English note.

However, there was a giveaway.

The researchers wrote:

Though the English note appears to be written by someone with a strong command of English, a glaring grammatical error in the note suggest the speaker is non-native, or perhaps poorly educated.

Meanwhile, the two Chinese ransom notes differed “substantially” from each other, in “content, format and tone,” according to the researchers.

Pointing to a number of unique characteristics in the note, they see it penned by a fluent Chinese speaker.

They added:

A typo in the note, “帮组” (bang zu) instead of “帮助” (bang zhu) meaning “help,” strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version. More generally, the note makes use of proper grammar, punctuation, syntax, and character choice, indicating the writer was likely native or at least fluent. 

The most compelling evidence is that of the Chinese note which contains “substantial” content that isn’t present in any of the other ransomware notes. Enough for the researchers to conclude “with high confidence” that the authors of the ransomware notes are fluent in Chinese, particularly in the Southern China, with language commonly found in Hong Kong, Taiwan or Singapore.

Image credit: Pixabay