WannaCry Ransomware Attack Linked To China, Not Russia Or North Korea

By Tyler Durden | Zero Hedge

A few weeks ago, in what was described as one of the “worst-ever recorded attacks of its kind,” the WannaCry ransomware virus spread the globe at an alarming rate, seizing control of private networks and demanding bitcoin payments to relinquish that control.  As we pointed out then, and not terribly surprisingly, those pesky “Russian hackers,” the same ones that lay relatively dormant for years then suddenly emerged from hibernation in 2016 to hack the DNC, John Podesta and the entire 2016 U.S. presidential election, were initially considered to be the most likely culprits for the WannaCry virus.

Finally, there is the question who is behind this coordinated global attack. Not surprisingly, Russia has been named. There is a high-probability that Russian-language cyber-criminals were behind the attack, said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said cited by Bloomberg. “The geography of attacks that hit post-Soviet Union most also suggests that.”

But, while blaming the Russians was undoubtedly the most convenient solution for advancing the mainstream media’s “Russian hacking” narrative, like much of what has been reported over the past 6 months, it may have not been grounded in reality and/or supported by facts.  As the BBC reports today, new analysis from Flashpoint suggests that the WannaCry virus may have instead emerged from China.

New analysis suggests Chinese-speaking criminals may have been behind the WannaCry ransomware that affected thousands of organisations worldwide.

Researchers from Flashpoint looked at the language used in the ransom notice.

They said the use of proper grammar and punctuation in only the Chinese versions indicated the writer was “native or at least fluent” in Chinese.

The translated versions of the ransom notice appeared to be mostly “machine translated”.

The WannaCry ransom note could be displayed in 28 different languages, but only the Chinese and English versions appeared to have been written by humans.

The English text also used some unusual phrases such as: “But you have not so enough time”.

WannaCry

Of course, North Korea, the other country rounding out the mainstream media’s ‘axis of evil’ and the only viable alternative to Russia, was also blamed…but that seems to have fallen apart as well.

Some earlier analysis of the software had suggested criminals in North Korea may have been behind it.

But the Flashpoint researchers noted the Korean-language ransom note was a poorly translated version of the English text.

“It was only really the Chinese and the English versions that appeared to be written by someone that understood the language,” said cyber-security expert Prof Alan Woodward from the University of Surrey.

“The rest appeared to come from Google Translate. Even the Korean.”

For those who missed it, the WannaCry virus exploited a piece of NSA code known as “Eternal Blue” allowing it to automatically spread across large networks via a known bug in Microsoft’s Windows operating system.  It was thought to be among the most destructive viruses to hit global critical infrastructure in nearly a decade.

24 hours after it first emerged, it has been called the first global, coordinated ransomware attack using hacking tools developed by the NSA, crippling over a dozen hospitals across the UK, mass transit around Europe, car factories in France and the UK, universities in China, corporations in the US, banks in Russia and countless other mission-critical businesses and infrastructure.

According to experts, “this could be one of the worst-ever recorded attacks of its kind.” The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries.

The fallout, according to cyber-specialists, has been “unprecedented”: it has left unprepared governments, companies and security experts from China to the United Kingdom on Saturday reeling, and racing to contain the damage from the audacious cyberattack that spread quickly across the globe, raising fears that people would not be able to meet ransom demands before their data are destroyed.
The animated map below shows the speed and scale of the global infestation which took just a few hours to cover the globe:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: