North Korea hacker group Lazarus turns to ransomware: report

An outfit of hackers with links to the North Korean government is active again, this time targeting its victims with ransomware. According to a new report, the group has stepped up its game: the latest strain is custom-built and is delivered through a more advanced, cross-platform attack framework than the group has used before.

While the North Korean government has been linked with several cybercrime outfits, Lazarus remains the most prolific. The group is known for WannaCry, the 2017 ransomware worm that infected over 300,000 Windows computers worldwide and demanded payment in BTC.

Lazarus is now targeting its victims with new malware, Russian cybersecurity company Kaspersky Lab has revealed. In a new report, the firm attributed a wave of attacks involving a little-known ransomware strain known as VHD to Lazarus.

VHD crawls all connected disks to encrypt the files it finds, and along the way deletes the System Volume Information folders in which Windows keeps its restore points, so that victims cannot roll back to a clean snapshot, the report states.
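The two behaviours described above, mass encryption across every attached drive and deletion of the restore-point folders, are the kind of signals a defender would look for in endpoint file-activity telemetry. The following detector is an added example, not Kaspersky's detection logic or any code from the VHD malware; the event schema (a timestamp, an event type and a path), the ".locked" extension in the sample data and the thresholds are all constructed for illustration.

```python
"""Heuristic detector for two ransomware behaviours: deletion of Windows
restore-point folders (System Volume Information) and a burst of file writes
spanning several drives within a short window.

Event schema and sample data are constructed for this example; real
telemetry (e.g. Sysmon or an EDR file-activity feed) would need to be
mapped onto this shape first."""
import re
from collections import deque

# Windows keeps VSS snapshots / restore points under <drive>:\System Volume Information.
RESTORE_DIR = re.compile(r"^[A-Z]:\\System Volume Information(\\|$)", re.IGNORECASE)
DRIVE_LETTER = re.compile(r"^([A-Za-z]):\\")


def drive_of(path):
    """Return the upper-case drive letter of a Windows path, or None."""
    m = DRIVE_LETTER.match(path)
    return m.group(1).upper() if m else None


def restore_point_deletions(events):
    """Paths of FileDelete events that hit a restore-point folder."""
    return [e["path"] for e in events
            if e["event"] == "FileDelete" and RESTORE_DIR.match(e["path"])]


def multi_drive_write_burst(events, window_s=60.0, min_files=20, min_drives=2):
    """Sliding-window scan over FileWrite events (sorted by timestamp).

    Returns (sorted drive letters, event count) for the first window in which
    at least `min_files` writes touch at least `min_drives` distinct drives,
    or None if no such window exists."""
    writes = sorted((e for e in events if e["event"] == "FileWrite"),
                    key=lambda e: e["ts"])
    window = deque()
    for e in writes:
        window.append(e)
        # Drop events that fell out of the time window.
        while e["ts"] - window[0]["ts"] > window_s:
            window.popleft()
        drives = {drive_of(w["path"]) for w in window} - {None}
        if len(window) >= min_files and len(drives) >= min_drives:
            return sorted(drives), len(window)
    return None


def assess(events):
    """Combine both signals into a verdict plus supporting evidence."""
    deletions = restore_point_deletions(events)
    burst = multi_drive_write_burst(events)
    return {
        "restore_point_deletions": deletions,
        "write_burst": burst,
        # Either signal alone is suspicious; both together is a strong match.
        "verdict": bool(deletions) or burst is not None,
    }


# Constructed sample telemetry: two benign events, then 30 writes spread
# over drives C:, D: and E: in under ten seconds, then two restore-point
# folder deletions. The ".locked" extension is hypothetical.
SAMPLE_EVENTS = [
    {"ts": 5.0, "event": "FileWrite", "path": "C:\\Users\\alice\\notes.txt"},
    {"ts": 6.0, "event": "FileDelete", "path": "C:\\Temp\\cache.bin"},
]
for i in range(30):
    drive = "CDE"[i % 3]
    SAMPLE_EVENTS.append({"ts": 100.0 + i * 0.3, "event": "FileWrite",
                          "path": f"{drive}:\\data\\doc{i}.docx.locked"})
SAMPLE_EVENTS += [
    {"ts": 110.0, "event": "FileDelete",
     "path": "C:\\System Volume Information\\{3808876b-c176-4e48-b7ae-04046e6cc752}"},
    {"ts": 110.5, "event": "FileDelete", "path": "D:\\System Volume Information"},
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The write-burst threshold is deliberately crude; in production the same logic would be keyed per process and tuned against a baseline of backup and indexing jobs, which also touch many files across drives. The restore-point deletion signal has far fewer benign sources and is worth alerting on by itself.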

Kaspersky noted that the malware is unique and “did not fit the usual modus operandi of known big-game hunting groups.” The firm also found only a very limited number of VHD samples, indicating that it was custom made rather than bought on the dark web.

According to the Kaspersky report, the VHD incidents it tracked this year show Lazarus operating with more finesse than before. In the later incident the group deployed the ransomware through the MATA framework, a more advanced multi-platform toolkit capable of attacking Windows, macOS and Linux systems.

Lazarus has in the past targeted financial systems and institutions, making off with hundreds of millions of dollars. The group was allegedly behind the much-publicized 2014 hack of Sony Pictures and the $81 million theft from the Bangladesh Bank in 2016.

It has also extensively targeted digital currency exchanges. According to a report by Group-IB, it was behind what was then the largest hack in the industry, the theft of $534 million from the Coincheck exchange in January 2018.

However, its dive into ransomware is a cause for worry, Kaspersky’s senior security researcher Ivan Kwiatkowski said, explaining:

“While it is obvious that the group cannot match the efficiency of other cybercriminal gangs with this hit-and-run approach to targeted ransomware, the fact that it has turned to such types of attacks is worrisome. The global ransomware threat is big enough as it is, and often has significant financial implications for victim organizations up to the point of rendering them bankrupt.”
