Security firms have been trying, with great difficulty, to track down the perpetrator of the WannaCry ransomware attack.
WannaCry Ransomware
For the uninitiated, a ransomware called WannaCry wreaked havoc upon Windows computers recently, encrypting data and demanding ransom in the form of bitcoin currency.
The facts: the hacker group behind the attacks used an exploit from the U.S. National Security Agency's hacking tools; a group named Shadow Brokers leaked that exploit; and the U.S. government is accusing North Korea over the ransomware attacks — and security firm Symantec has found evidence that could support that claim.
Now, it appears that new findings from security firm Flashpoint's analysis indicate that the ransomware attacks have a connection to Southern China.
In a blog post published last Thursday, May 25, the firm outlined research into ransom notes delivered to WannaCry's victims. The message was the same in every note: transfer a specified amount of bitcoin to a certain account or have the data permanently corrupted. Because the WannaCry attacks are global, however, the note was delivered in as many as 28 languages.
WannaCry Perpetrators Might Be Fluent In Chinese
Upon studying the notes, Flashpoint was able to determine that whoever distributed the ransomware is likely "native or at least fluent" in Chinese. The firm found that of the 28 languages, only the English variant and the Simplified and Traditional Chinese character versions appear to have been authored by a human. The rest appear to have been translated from English via Google Translate.
There are a few key details that support the claim that the authors are likely native or fluent in Chinese. First, the English version of the ransom note was nearly flawless, except for one significant grammatical error. While Flashpoint is mum on this detail, Gizmodo did highlight the sentence "But you have not so enough time" as being particularly suspicious. Because of the error, the firm thinks that "the speaker is non-native or perhaps poorly educated."
What's more, the Chinese note appears to contain more information than the rest and is different in format, content, and tone.
"[T]he note makes use of proper grammar, punctuation, syntax, and character choice, indicating the writer was likely native or at least fluent," Flashpoint states.
But Does This Even Prove Anything?
Still, if the authors are indeed fluent in Chinese, it doesn't necessarily mean they were in China when the ransomware attacks were launched. This, in addition to the fact that hackers often intentionally cripple their language to avoid this form of analysis, makes it even harder to identify the perpetrators of WannaCry. Flashpoint's conclusion, while based on fact, only adds to the general mystery behind the group responsible for WannaCry.
Will researchers eventually know where WannaCry originated and, by extension, the hackers behind its widespread launch? It's hard to say. But the best guess right now is that the hackers are fluent in Chinese. Beyond that, details couldn't be any murkier.