Claims of WannaCry ties to China 'groundless,' Chinese firms say

Chinese cybersecurity companies call a linguistic analysis linking WannaCry to their country “unprofessional.”

Zoey Chong Reporter
Zoey is CNET's Asia News Reporter based in Singapore. She prefers variety to monotony and owns an Android mobile device, a Windows PC and Apple's MacBook Pro all at the same time. Outside of the office, she can be found binging on Korean variety shows, if not chilling out with a book at a café recommended by a friend.
Zoey Chong
2 min read

Chinese cybersecurity companies dismiss claims that WannaCry ransomware originated in China.


A report suggesting that WannaCry ransomware's authors could be native Chinese speakers has drawn fire from Chinese cybersecurity experts.

China-based cybersecurity companies Qihoo 360 and Antiy Labs have come to their country's defense, calling Flashpoint's linguistic analysis last month "groundless" and "unprofessional," Chinese state-run media Xinhua reported Monday.

The WannaCry ransomware struck more than 100,000 businesses and organizations across 150 countries in May. The attackers locked computer files and demanded money to release them.

Flashpoint came to its conclusion after analyzing WannaCry's ransom notes in 28 languages. Flashpoint said the authors of WannaCry were likely native Chinese speakers who may also be familiar with English. The company suggested the authors may have come from southern China, Hong Kong, Taiwan or Singapore.

The analysis came after cybersecurity companies Kaspersky and Symantec, as well as Google security researcher Neel Mehta, looked at the traits of the code and drew links to Lazarus Group, a hacking group commonly thought to be working out of China for the North Korean government.

Zheng Wenbin, chief security engineer of Qihoo 360, and Li Bosong, deputy chief engineer at Antiy Labs, said that Flashpoint's report lacked "substantial evidence" and that cybersecurity experts from China and abroad can "easily" see the "falsity" of claims that the ransomware came out of China, according to Xinhua.

Alexander Gostev, chief security expert of Kaspersky's global research and analysis team, told CNET in an email that the linguistic analysis was done on the ransom notes for WannaCry.

"That only means the authors of the text [are] Chinese-speaking," Gostev said. They're not necessarily the code's authors, he added.  

Flashpoint did not respond to CNET's request for comment.

Virtual reality 101: CNET tells you everything you need to know about VR.

CNET en Español: Get all your tech news and reviews in Spanish.