Weeks after the global WannaCry ransomware attacks, researchers are still busy trying to find proof of who was behind them. What is common knowledge by now, beyond the fact that the majority of the ransomware's victims have refused to pay, is that the U.S. is convinced North Korea is tied to the attacks somehow. New research has revealed a new connection: China.

‘Chinese-speaking authors’

A cybersecurity firm, Flashpoint, detailed the linguistic analysis it performed on 28 ransom notes found within the malware to help identify the authors’ mother tongue.

Each of the notes was individually examined for “content, accuracy, and style”, and then compared to previous ransom note samples. These ransom notes were shown to victims during the WannaCry attacks, telling them to transfer $300 to $600 worth of bitcoins in exchange for their data, which the malware held hostage.

Flashpoint’s analysis suggested that all but three of the ransom notes had gone through Google Translate. The exceptions were the ones in English and in Simplified and Traditional Chinese, which could have been written “by a human instead of machine translated”, Flashpoint said in a blog post. The Chinese notes looked as if they were written by someone who was either a native speaker or fluent in Chinese. They contained unique characters that only a fluent Chinese speaker would know how to use.

In addition, the language used appeared to be consistent with that used in China, Hong Kong, Taiwan, or Singapore.

Who are our ransomware hackers?

Before the linguistic analysis, there was some evidence suggesting that the malware was linked to the Lazarus group, and that the group was affiliated with North Korea. It would have been really comfortable for the U.S. government to blame North Korea, which seemed more likely to be behind the ransomware attacks than the Russians. But hackers are also known to have a way with words, so there is also a possibility that the people behind the attacks planted easily noticeable errors that would lead analysts toward the conclusion that the Chinese carried them out.

The WannaCry ransomware cyberattack, which has been the focus of attention for the past few weeks, managed to infect at least 300,000 computers in 150 countries. Although the numbers are large, this should not come as a surprise, since ransomware has been known to be a constant threat since it first appeared in 2005. Security researchers say that there is no need to install any special tool or program, because the default Windows Defender is enough to prevent attacks, as long as you regularly update it. In a ransomware attack, the malware infects a computer through an email attachment containing software that, once downloaded, prevents access to data by encrypting your hard drive.