Analysis of the ransom notes suggests hackers used Google Translate to translate a note written in Chinese into other languages.
While WannaCry has been linked to hackers in North Korea, security firm Flashpoint said their analysis suggests a connection to southern China.
In a blog post, Flashpoint outlined their linguistic analysis of the ransom notes that were sent to WannaCry’s victims in 150 countries.
The notes all told victims virtually the same thing – that they should transfer an amount of bitcoin or else their data would be lost forever.
GETTY • GOOGLE
WannaCry hackers used Google Translate to write ransom notes, experts have claimed The biggest cyber-attacks, hacks and data breaches Sat, May 13, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Getty Images 1 of 15
14 of the biggest cyber-attacks, hacks and data breaches in history
Flashpoint’s researchers studied the ransom notes and fond whoever wrote it was likely either “native or at least fluent” in Chinese.
Out of the 28 different notes, the security firm said only two Chinese character versions and the English version were written by a human.
The other 25 notes appear to have been an English note that was put through Google Translate.
In a blog post, Flashpoint said: “Analysis revealed that nearly all of the ransom notes were translated using Google Translate and that only three, the English version and the Chinese versions (Simplified and Traditional), are likely to have been written by a human instead of machine translated.
“Though the English note appears to be written by someone with a strong command of English, a glaring grammatical error in the note suggest the speaker is non-native or perhaps poorly educated.
Get Quotes on Home Insurance
The WannaCry ransom note in English. It is believed others were translated using Google Translate
North Korean leader Kim Jong-un. Hackers linked to Pyongyang were linked to the WannaCry attack
“Flashpoint found that the English note was used as the source text for machine translation into the other languages.
“Comparisons between the Google translated versions of the English ransomware note to the corresponding WannaCry ransom note yielded nearly identical results, producing a 96 per cent or above match.”
Flashpoint added that the English ransom note was almost perfect except for “a glaring grammatical error” which suggests “the speaker is non-native or perhaps poorly educated.”
The security firm added: “The two Chinese ransom notes differ substantially from other notes in content, format, and tone.
Inside North Korea: The pictures Kim Jong-un doesn't want you to see Thu, May 18, 2017
Photographer Eric Lafforgue ventured to North Korea six times. Thanks to digital memory cards, he was able to save photos that was forbidden to take inside the segregated state
Eric Lafforgue/Exclusivepix Medi 1 of 69
Taking pictures in the DMZ is easy, but if you come too close to the soldiers, they stop you
“Google Translate fails in both Chinese-English and English-Chinese tests, producing inaccurate results that suggests the Chinese text was likely not have been similarly generated by the English text.
“A number of unique characteristics in the note indicate it was written by a fluent Chinese speaker.
“A typo in the note, “帮组” (bang zu) instead of “帮助” (bang zhu) meaning “help,” strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version.”
The WannaCry ransomware cyber attack hit the NHS and users in 150 countries.
The malicious software is used by hackers to block access to a computer system until a ransom is paid.
WannaCry locks the data on a computer system and leaves the user with two files: instructions on what to do and the Wanna Decryptor programme.
Victims are warned that their files will be deleted within days.
It had previously been thought North Korean hackers known as the Lazarus Group were behind the WannaCry ransomware attack.
Experts have connected the hacking group to the North Korean state, led by despot Kim Jong-un.
The Lazarus Group were reportedly behind the Sony Pictures Entertainment hack in 2014.
This came in response to anger over the Seth Rogen and James Franco comedy The Interview – which depicts a CIA plot to assassinate Kim.