Metadata Analysis Draws its Own Conclusions on WannaCry Authors

The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks.

That, however, doesn’t definitively dispel other contentions that point the finger at cybercriminals or other nation-state operatives. For example, a linguistics analysis of the 28 ransom notes embedded in the malware moved away from the Lazarus theory and concluded that the author was a native Chinese or English speaker. It also stated that the Korean version of the ransom note was among the most poorly written, or translated. To take that conclusion as gospel, however, seems premature as well given that native speakers could easily write in broken versions of their language.

Read more

Leave a Comment

Your email address will not be published. Required fields are marked *