The WannaCry malware, which infected computers in 150 countries two weeks ago, was likely authored by cybercriminals from southern China, Hong Kong, Taiwan, or Singapore, according to US intelligence firm Flashpoint.
Recent forensic linguistic analysis suggested that the WannaCry malware was written by Chinese-speaking people with southern accents. Flashpoint said almost all of the ransom notes were translated using Google Translate, except those that were written in English, traditional Chinese, and simplified Chinese. The notes appeared to have been written by a human.
"Though the English note appears to be written by someone with a strong command of English, a glaring grammatical error in the note suggests the speaker is non-native or perhaps poorly educated," the firm wrote in a post published on its website on May 25.
Flashpoint added that the English note omitted some phrases found in the Chinese notes, although the English note was used as the source text for machine translation into the other languages. The omitted phrases include "even the coming of God cannot retire these documents" and "Please relax, I absolutely will not scam you," suggesting that the Chinese hackers are native speakers. The Chinese notes were reportedly written fluently.
The firm said that the WannaCry ransom note contained a typo in the phrase meaning "help" ("bang zhu"), which points to Chinese-language input. It also used a word for "week" ("li bai") that is commonly used in south China, Hong Kong, Taiwan, and Singapore, and a phrase for anti-virus ("sha du ruan jian") that is common in the mainland.
However, Dr. Zhang Kefeng, a professor of Chinese language at Jimei University in Xiamen, does not agree with the analysis.
Zhang said that "li bai" is also used in northern China, adding, "It is difficult to spot geographical differences in written Chinese nowadays, especially among educated people."
Various estimates suggest that the "ransom" raised by the WannaCry malware reached $116,000 from 302 entities over a week after computers were locked down.