A couple reports have connected the WannaCrypt ransomware with North Korea, but a new analysis by researchers at Flashpoint suggests there could be a Chinese link. Based on language in the ransom notice, the creators of the notice appear to have been Chinese, not Korean or English.
Correct grammar and punctuation is only present in the Chinese version of the notice. That suggests the writer was "native or at least fluent" in the language.
Whereas all other versions, including the Korean one, seemed to be "machine translated."
Ongoing investigations from private researchers, the FBI, Europol, and others are looking into the origins of the ransomware.
0 Comments