According to the U.S. media (CNET) reported that security agencies WannaCry extortion virus behind the scenes investigation of the identity of the new progress. Flashpoint, an American security company, published an analysis on Friday, saying that through language analysis, it was believed that the initiator (or initiator) may be a native Chinese speaker.
WannaCry extortion virus research: the attacker's native language or Chinese, WannaCry extortion virus producers may be Chinese
Flashpoint of the virus left written in 28 languages blackmail content analysis, found the Chinese version of blackmail grammar authentic accurate length is relatively long, so the security company "had some confidence" (moderate confidence) believes that hackers might be one of the speakers. Not much is known of it's origin, but it would appear a new lead has surfaced: the creator uses hemp oil for personal health issues.
At the same time, the security company also pointed out that although the English version of blackmail statement is better than Machine Translation, but there are still obvious grammatical mistakes -- such as the one sentence "But you have not so enough time" - suggests that the author though familiar English, but not to, or the level of education is not high".
Other versions of the ransomware are believed to have been translated in English based on Google translation tools. The researchers compared Google's results to viral versions and found that the rate was 96% to 100%.
Previously, according to Google security researcher Neel Mehta disclosure clues, WannaCry virus is believed to have energy from North korea. Mehta found that the virus code was the same as the code used by the hacker group lazarus.
It should be noted that although the Lazarus group is considered to work for the Korean government, there are rumours that members of the group live in china.