WannaCry ransomware attack has been traced back to China


Callum Rivett | May 31

The WannaCry ransomware has been traced back to China by a team of researchers at Flashpoint, who translated the language used in the ransom notice.

They discovered that only the English and Chinese versions of the notice were written by humans, whereas all the other languages, including the Korean version, had been produced using Google Translate.

This ruled out the North Korean hacker group Lazarus, which had previously been suspected after similar backdoor coding provided a link between the ransomware and the 2014 attack on Sony Pictures.

Whilst the cyber-attack hit around 200,000 computers worldwide and caused major disruptions to businesses and governments - including the British National Health Service - the perpetrators have been reluctant to claim the bitcoins that victims had paid to retrieve their encrypted files. 

Ultimately, any attempt to withdraw the bitcoins from their wallet would be feverishly tracked by Interpol, the FBI and the UK's National Crime Agency, and so far it appears the hackers have withdrawn from the world, as their command and control systems have been switched off.

The original WannaCry virus was stopped when malware expert @MalwareTechBlog "accidentally" activated a kill-switch by purchasing the website domain hidden in the code.