WannaCry RansomWare RansomWorm Analysis

It looks as if our in-house security experts were on target when discussing this topic a couple of days ago. Our thoughts were that the subsequent variants of the WannaCry malware were not tied to the original author, as the new variants were coded very sloppily compared to the original. This analysis at Performanta makes some fascinating points. They surmise that the release of the WannaCry RansomWorm may actually have been accidental. While we did not state it publicly last week, the word “anarchists” was thrown around a bit when it came to who was behind the “v2” RansomWorm, which coincides with this analysis.



We also believe there is a reasonable chance the original attack on May the 12th was an accident. The existence of a kill-switch may have been to protect the author(s) in their own analysis environment, and the absence of any newly compiled versions of WannaCry 2.0 shows a lack of commitment from the author(s) to cause more damage or increase their profits.

It remains unknown who the author(s) and/or attacker(s) are behind WannaCry. A question also remains as to who is responsible for creating and distributing variant II and for what benefit, although the likelihood is simply nothing more than wanting to contribute to the chaos and destruction.

Source: [H]ardOCP – WannaCry RansomWare RansomWorm Analysis