Researchers say an analysis of the malware used in the WannaCry malware attack earlier this month suggests a Chinese connection.

The malware infected more than 200,000 computers and systems around the world, locking out users unless they paid a ransom in Bitcoins in exchange for the encryption key.  It caused massive problems with hospitals and the UK's National Health which was forced to postpone operations and chemotherapies because patient records were frozen.  The UK's National Crime Agency, the FBI, and Europol are among the official agencies conducting investigations, but several private researchers are analyzing the problem as well.

The IT security company Flashpoint, which describes itself as "white hat hackers", says Chinese-language versions of the malware showed proper punctuation and grammar.  That seems to show the criminal or criminals are native or fluent in Chinese. 

Oh no!

The WannaCry ransom note appeared in 28 different languages, and earlier it had been thought that North Korea was involved.  But it appears now that translation apps were used.

"It was only really the Chinese and the English versions that appeared to be written by someone that understood the language," said cyber-security expert Professor Alan Woodward from the University of Surrey to the BBC.  "The rest appeared to come from Google Translate.  Even the Korean."

Professor Woodward also believes that the criminals who did this may not have expected the caper would get this much attention:  "They know that so many people are watching them now and that following the money could lead to their downfall. I suspect if they've got any sense at all they'll leave it well alone," he said.  "I actually think they've run for the hills."