Chinese security companies claim China WASN'T the source of the WannaCry ransomware outbreak
Qihoo 360 criticises Flashpoint's linguistic analysis as neither 'correct or professional'
Last month's WannaCry ransomware outbreak was not the work of Chinese sources, according to a number of Chinese IT security companies, who have criticised the linguistic analysis of the ransom notes conducted by Flashpoint.
The ransomware campaign was estimated to have infected at least 300,000 computers and internet-connected devices across 150 countries - including thousands of devices in the NHS, which brought many NHS trusts to a halt.
But identifying the likely perpetrators of the attack and where they might have been operating from hasn't been easy.
While Flashpoint pointed the finger at China, rival Symantec suggested that North Korea was 'highly likely' behind the attack. Symantec claimed that an analysis of malware samples had found strong links between the code used in the ransomware campaign and malware tools used in attacks against Sony Pictures in 2014 and the $81m cyber-heist perpetrated against Bangladesh Bank last year - all of which have been attributed to North Korea.
Flashpoint's subsequent linguistic analysis, though, strongly indicated that native Chinese speakers were behind the malware. It found that nearly all of the ransom notes were translated using Google Translate, and that only three - the English version and two Chinese versions - were likely to have been written by a human.
According to Flashpoint, it appeared as though the English version was used as the basis for the translation into other languages. However, the two Chinese ransom notes differed "substantially" from the other notes in both "content, format and tone".
It continued: "More generally, the note makes use of proper grammar, punctuation, syntax, and character choice, indicating the writer was likely fluent or at least native. There is, however, at least one minor grammatical error which may be explained by auto-complete, or a copy-editing error."
However, Zheng Wenbin, chief security engineer at Qihoo 360, one of the better-known security companies in China, said that the type of analysis Flashpoint attempted should not be taken seriously.
"The correct and professional way is to trace the ransomware through the traits of the code," he told Chinese state-owned media outlet Xinhuanet.
He added that hackers often added characters from different languages into their code to confuse the public and hide their identity.
Li Bosong, deputy chief engineer at Antiy Labs, an anti-virus software provider, added that the report lacked the substantial evidence needed to gain the approval of cyber security experts.