Flashpoint, a US-based internet security consultancy, claimed that the ransom note was written by "native Chinese-speakers with southern accents," from regions in or around the southern Chinese mainland, Hong Kong, Singapore, or possibly Taiwan, according to the report.
Although earlier reports suggested that the malware attack may have originated from North Korea, the US company's analysis asserts with "high confidence" that the attack was in fact Chinese, the SCMP reported.
Speaking to Sputnik, Leonty Bukshtein, chief editor of the Internet portal "Mobile Telecommunications", drew attention to the WannaCry computer virus being most likely based on the US National Security Agency (NSA)'s malware program.
"I would ask these American experts what they think of Eternal Blue, the NSA's malware program which is believed to be used for creating the WannaCry virus. That's the truth of it. Americans need to justify themselves, which is why they shout: 'Stop thief!' They need to allay the suspicions [from themselves] and pass the blame onto someone else," Bukshtein said.
He also recalled the current standoff between the United States and China, which he said explains Washington's drive to once again point the finger at China.
"As for the language, it's easily faked from elsewhere in the world, so this is not a reason for any conclusions. In any case, I wonder how those who placed the NSA's malware programs in the Internet failed to think of the consequences. After all, there is always someone who wants to take a knife that lies unattended, and swing it anywhere," Bukshtein added.
Meanwhile, the Flashpoint internet security company referred to its analysis revealing that the ransom note was written first in Chinese and then manually translated into English — before using Google Translate to convert the note into other languages.
"A typo in the note, bang zu (幫組) instead of bang zhu (幫助), which means ‘help,'" stated the report, "strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version."
The company added that, "The text uses certain terms that further narrow down a geographic location. One term, libai (禮拜) for ‘week,' is more common in southern China, Hong Kong, Taiwan, and Singapore."
"A professional hacker often leaves behind numerous decoys to mislead the chase," said one cybersecurity expert interviewed by SCMP.
The WannaCry malware, which locks the data of a computer running unpatched versions of the Microsoft Windows operating system and displays a message in 28 languages demanding a cryptocurrency ransom to unlock the device, has affected over 300,000 computers in some 150 countries over the past two weeks, as infections continue to spread.
Never miss a story again — sign up to our Telegram channel and we'll keep you up to speed!