bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

urlAlias

moreOnThisArticles

sponsorType

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Stephen Chen

The authors of the WannaCry malware, which infected computers in 150 countries two weeks ago, are probably from the southern mainland, Hong Kong, Taiwan or Singapore, according to a US intelligence company.
Forensic linguistic analysis on the malware suggested it was written by native Chinese-speaking people with southern accents, said Flashpoint.
Chinese cybersecurity firm claims to have developed WannaCry virus ‘vaccine’
In a report on its website, Flashpoint, which provides global business-risk intelligence, said it came to the conclusion with “high confidence”. Earlier reports based on code analysis suggested North Korean programmers at work.
The WannaCry malware locked up data on infected computers and displayed a message in 28 languages demanding a ransom for restoration of the data.

The hackers drafted the note in Chinese first, Flashpoint said. Based on the Chinese text, they manually produced an English version, then converted that into other languages using Google’s translation software.
“A typo in the note, bang zu (幫組) instead of bang zhu (幫助), which means ‘help’, strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version,” the report said.
Is North Korea behind WannaCry virus?
“The text uses certain terms that further narrow down a geographic location. One term, libai ( 禮拜 ) for ‘week,’ is more common in southern China, Hong Kong, Taiwan, and Singapore,” the researchers added.
Chinese phrases omitted in other language versions, such as “even the coming of God cannot retire these documents” and “Please relax, I absolutely will not scam you”, also suggested ­Chinese was the hackers’ native language, Flashpoint said.
But Zhang Kefeng, a professor of Chinese language at Jimei University in Xiamen, Fujian province had doubts about some of Flashpoint’s conclusions.
“Libai is not just used in southern China. Many areas in the north use the word in communication as well, and every day,” he said.
The next ransomware attack will likely be worse than WannaCry warns security tech and author
“It is difficult to spot geographical differences in written Chinese nowadays, especially among educated people. People with different accents tend to write in a style very similar,” Zhang added.
Numerous Beijingers told the South China Morning Post that they used the word libai often.
Tang Wei, vice-president of cybersecurity company Rising, said Flashpoint’s analysis had useful information but that it was too early to reach a conclusion.
“A professional hacker often leaves behind numerous decoys to mislead the chase,” he said. “The unprecedented outbreak of WannaCry showed they could be highly sophisticated criminals.”


South Korea’s Coupang took 5 months to spot data leak affecting over 33 million people

Japan’s Asahi admits cybersecurity ‘weakness’, says hackers stole info of 2 million people

US, Philippines take cyberwar games to next level amid ‘pressure from China’

Cyberattack hits Danish political parties on eve of local elections

Computer hackers

WannaCry hackers ‘were likely from southern China’

Linguistic analysis of the malware’s ransom note suggests origins of its writers, US security firm says

=== NO ARCHIVE IMAGE === ATN. WANNACRY18. UNDATED HANDOUT

The malware WannaCry infected computers in 150 countries. Photo: Bloomberg

Is North Korea behind WannaCry virus?

Putin blames the United States, Edward Snowden blames Russia and the US blames Pyongyang, via the shady Lazarus Group. Here’s the lowdown

epa05965447 Indonesian patients and relatives wait for their turn at the registration counter of the Dharmais Hospital, after the hospital's information system has been affected by a computer virus, in Jakarta, Indonesia, 15 May 2017. According to media reports, the cancer hospital has been hit by the so-called 'WannaCry' ransomware disturbing the service to the patients. EPA/MAST IRHAM

North Korean leader Kim Jong Un inspects the long-range strategic ballistic rocket Hwasong-12 (Mars-12) in this undated photo released by North Korea's Korean Central News Agency (KCNA) on May 15, 2017. KCNA via REUTERS REUTERS ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY. EDITORIAL USE ONLY. REUTERS IS UNABLE TO INDEPENDENTLY VERIFY THIS IMAGE. NO THIRD PARTY SALES. SOUTH KOREA OUT. TPX IMAGES OF THE DAY

A monitor at the Korea Internet and Security Agency. Photo: AFP

North Korean leader Kim Jong-un. Photo: AFP

Chinese cybersecurity firm claims to have developed WannaCry virus ‘vaccine’

A warning screen from a purported ransomware attack photographed by a computer user in Taiwan on May 14. Photo: AP

epa05960672 A programer shows a sample of decrypting source code in Taipei, Taiwan, 13 May, 2017. According to news reports, a 'WannaCry' ransomware cyber attack hits thousands of computers in 99 countries encrypting files from affected computer units and demanding 300 US dollars through bitcoin to decrypt the files. EPA/RITCHIE B. TONGO

(FILES) The National Security Agency (NSA) is shown in this May 31, 2006, aerial file photo in Fort Meade, Maryland. Police opened fire and one suspect died March 30, 2015 after a car tried to ram its way into the headquarters of US National Security Agency, America's electronic eavesdropper. One police officer and a second suspect were hurt in the incident, the NSA's director for strategic communications Jonathan Freed said. It was not immediately clear whether the suspects were shot or wounded when their car crashed into a police security vehicle. An FBI spokeswoman said the incident at Fort Meade, the spy agency's super-secure base in suburban Maryland outside Washington, was not believed to be "related to terrorism." AFP Photo/Paul J. Richards/FILES

FILE - This April 12, 2016 file photo shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. The cyberextortion attack hitting dozens of countries was a "perfect storm" of sorts. It combined a known and highly dangerous security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks. (AP Photo/Michel Euler, File)

Tens of thousands of Chinese firms, institutes affected in WannaCry global cyberattack

Tens of thousands of Chinese companies and institutions – including several major firms in Hong Kong – have been crippled by a global cyberattack. Photo: AFP

(FILES) This file photo taken on November 3, 2016 in Rennes shows a screen viruses list at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation). A major wave of cyberattacks hits dozens of countries around the world on May 12, 2017, affecting hospitals, telecoms companies, government departments and other organisations / AFP PHOTO / DAMIEN MEYER

The next ransomware attack will likely be worse than WannaCry warns security tech and author

A lock screen from the WannaCry cyberattack. Photo: Bloomberg

EEY76J Smart refrigerator with internet of things connectivity touchpad and ice maker and water purifier in modern kitchen

Computer chips sit on a mother board inside a communications room at an office in London, U.K., on Monday, May 15, 2017. Governments and companies around the world began to gain the upper hand against the first wave of an unrivaled global cyberattack, even as the assault was poised to continue claiming victims this week. Photographer: Chris Ratcliffe/Bloomberg

F5GJRN Smart tv and hand pressing remote control

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration TPX IMAGES OF THE DAY

A computer running a Windows Server is seen connected into a network server in an office building in Washington, DC on May 13, 2017. International investigators hunted on May 13 for those behind an unprecedented cyber-attack that affected systems in dozens of countries, including at banks, hospitals and government agencies, as security experts sought to contain the fallout. The assault, which began Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world -- from Russian banks and British hospitals to FedEx and European car factories. / AFP PHOTO / Andrew CABALLERO-REYNOLDS

WannaCry ransomware attack shows the wisdom of having an offline Plan B

Indonesian patients and relatives wait for their turn at the registration counter of the Dharmais Hospital in Jakarta on Monday, after the hospital’s information system was affected by the WannaCry virus. When IT is used as an integral part of services that affect lives, we need to make sure that those services can continue when the system fails. Photo: EPA

A photo taken on May 15, 2017 shows staff monitoring the spread of ransomware cyber-attacks at the Korea Internet and Security Agency (KISA) in Seoul More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, a South Korean cybersecurity expert warned May 16 as fingers pointed at the North. More than 200,000 computers in 150 countries were hit by the ransom cyberattack, described as the largest ever of its kind, over the weekend. / AFP PHOTO / YONHAP / YONHAP / REPUBLIC OF KOREA OUT NO ARCHIVES RESTRICTED TO SUBSCRIPTION USE

News

China

People & Culture

Tech

Linguistic analysis of the malware’s ransom note suggests origins of its writers, US security firm says


WannaCry hackers ‘were likely from southern China’

.css-1c6uqr6{color:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;line-height:inherit;overflow-wrap:break-word;}Linguistic analysis of the malware’s ransom note suggests origins of its writers, US security firm says

Linguistic analysis of the malware’s ransom note suggests origins of its writers, US security firm says