Although earlier reports suggested a North Korean origin for the malware, the US company's analysis asserts the south China origin with "high confidence," SCMP reports.
The targeted malware, which locks the data of a computer running certain versions of the Microsoft Windows operating system and displays a message in 28 languages demanding a cryptocurrency ransom to unlock the device, has affected over 300,000 computers in some 150 countries over the past two weeks, as infections continue to spread. 
The internet security company claimed that analysis revealed that the ransom note was written first in Chinese and then manually translated into English - before using Google Translate to convert the note into other languages.