Network security experts: It’s nonsense to point fingers at China for WannaCry ransomware


In May, WannaCry ransomware infected computers worldwide. Reportedly, the US network security company Flashpoint noticed that the virus software was written in a southern Chinese dialect, and hence pointed fingers at southern China, Hong Kong, Taiwan, or Singapore.

Accordingly, reports headlined “WannaCry ransom notice analysis suggests Chinese link” appeared in some foreign media outlets.

According to CCTV.com’s interview with internet security experts on June 10, the analysis is unprofessional, and the argument is unfounded and seems fishy.

Earlier, the South China Morning Post reported that researchers from Flashpoint are convinced the WannaCry writer comes from the southern area of the Chinese mainland, or Hong Kong, Taiwan, or Singapore, since the texts that appeared on the screens of infected computers were initially written in Chinese and then translated into English.

But Zheng Wenbin, Chief Cybersecurity Engineer at 360, one of China’s leading anti-virus enterprises, refuted it as unreliable while talking to CCTV.com.

The approach used to reach the conclusion does not appear professional. Flashpoint based its argument on an analysis of the text's language. The virus works by first displaying text and then asking infected computer users for ransom.

But the virus's text does not appear only in Chinese; it appears in many other languages as well. The virus was written in authentic Chinese, but this does not necessarily lead to the conclusion that the virus has direct links to Chinese people.

Cybersecurity experts believe that tracing the source of a virus depends on its malicious code, and that malicious code analysis is the professional approach. Moreover, hackers are cunning, so camouflaging their virus or intentionally misleading investigators are common methods for them.

Li Baisong, Deputy Chief Engineer of ANTIY, another key player in China’s anti-virus field, said the judgment issued by Flashpoint lacks credibility. Its conclusion is based on the Chinese language pack that appears in WannaCry's ransom message. Apparently, the hackers can use Chinese fluently, but mastering Chinese does not mean a person is a native Chinese.

Additionally, the language pack is not closely related to the virus itself. The main part of the virus spreads to other computers and encrypts files by itself. It is hasty to make judgments from the language of the text.

The work of tracing the source of a virus usually covers the origin of the attack, Detecting and Containing IRC-Controlled Trojans, and information exposed by the malicious code itself. These are closely related to the virus itself, rather than to the language used to write it.

According to analysis of the virus's malicious code, attack targets, language packs and other factors, there is no evidence that the attacker comes from China.

Since May 12, more than 200,000 computer users in 150 countries around the world have suffered WannaCry ransomware attacks, and China is one of the victims. Li believes the analysis of the virus's malicious code shows that attack targets are random and unrestricted.

A country with a bigger population and more Internet users is more likely to be attacked by WannaCry, and China has indeed suffered bigger losses.

Zheng said the network security incident has had a negative impact on the world. Perhaps Flashpoint, a growing company, sees this as an opportunity to grab the spotlight by issuing such an eye-catching report disgracing China.

Who is really behind the attack? No hacker organization has claimed responsibility. Investigations by international cybersecurity organizations are still underway. Nevertheless, the hacker’s hacking tool comes from the US National Security Agency’s (NSA) virus arsenal.

According to the Financial Times and New York Times, the virus writer used EternalBlue, a Windows hacking tool designed by the NSA itself, which was stolen last year.

The virus writer upgraded a ransomware that appeared last February. The CEO of Microsoft has published an article blaming the NSA for not disclosing security vulnerabilities, which allowed criminal organizations to exploit them.

Experts say a serious risk of proliferating network attack capabilities has emerged. Network attack technology is characterized by low replication costs. Driven by huge profits, ransomware could become a huge threat. The WannaCry ransomware incident should ring alarm bells.

It is necessary to increase investment in network security technology and to pay more attention to the effective protection of terminals.