North Korean hackers create new ransomware

The Lazarus cybercriminal group is believed to be behind the dangerous VHD ransomware, created to make money in parallel operations

The North Korean cybercriminal group Lazarus is believed to be behind the creation and spread of the VHD ransomware that hit Europe and Asia earlier this year.

VHD is malware that encrypts the files stored on the infected system in order to extort a large sum of money from victims. The ransomware stands out for its ability to self-replicate using a spreading method similar to that of an advanced persistent threat (APT), that is, by using a function into which the victims' specific credentials have been inserted.

At the beginning of 2020, cybersecurity companies found themselves dealing with the new ransomware without knowing who operated it. Between March and May, some IT security organizations, including Kaspersky, conducted several investigations into the VHD ransomware, starting from the first attack, which targeted some companies on French soil.

Cybersecurity experts noted that the tools used to infect the systems were attributable to the modus operandi of the Lazarus group. Although the spreading techniques were similar to those of APT groups, the ransomware itself was new and therefore did not come from the deep-web black market. This detail intrigued Kaspersky's investigation team which, while investigating a second incident in Asia, obtained a complete picture of the infection chain and linked the ransomware to the Lazarus cybercriminals.

“The link established indicated that Lazarus was responsible for the VHD ransomware campaigns documented so far. Also, for the first time, it could be established that this group has adopted ransomware attacks aimed at profit-making, having created and managed its own ransomware, an activity unusual in cybercrime,” explains the Kaspersky Lab team in a statement.

Lazarus's new move to create and distribute ransomware would indicate a change of strategy on the part of the cybercriminals, known until now for cyberattacks on ATM networks and for their role in the spread of WannaCry, who now aim to achieve large financial gains.

This would be unusual and worrying behaviour for a state-sponsored group, because it would no longer be satisfied with the money earned from attacks on its designated targets, but would choose its victims simply to enrich itself.

“After these discoveries, the question we ask ourselves is whether these attacks are an isolated experiment or part of a new trend and, consequently, whether private companies have to worry about being targeted by a state-sponsored threat actor,” said Ivan Kwiatkowski, a senior security researcher at Kaspersky's GReAT (the Global Research and Analysis Team). He added: “In any case, organizations must remember that data protection is today more important than ever. Creating back-up blocks of the main data and investing in reactive defenses is a must for every company.”
