https://arstechnica.com/information-technology/2020/07/north-korea-backed-hackers-dip-their-toes-into-the-ransomware-pool/
By Dan Goodin
Ars Technica
July 29, 2020

Lazarus—the North Korean state hacking group behind the WannaCry worm, the
theft of $81 million from a Bangladesh bank, and the attacks on Sony
Pictures—is looking to expand into the ransomware craze, according to
researchers from Kaspersky Lab.

Like many of Lazarus’ early entries, the VHD ransomware is crude. It took
the malware 10 hours to fully infect one target’s network. It also uses
some unorthodox cryptographic practices that aren’t “semantically secure,”
because patterns of the original files remain after they’re encrypted. The
malware also appears to have taken hold of one victim through a chance
infection of its virtual private network.

In short, VHD is no Ryuk or WastedLocker. Both are known as “big game
hunters” because they target networks belonging to organizations with deep
pockets and, after gaining entry, strike only after doing days or weeks of
painstaking surveillance.

“It’s obvious the group cannot match the efficiency of other cybercrime
gangs with their hit-and-run approach to targeted ransomware,” Kaspersky
Lab researchers Ivan Kwiatkowski, Pierre Delcher, and Félix Aime wrote in
a post. “Could they really set an adequate ransom price for their victim
during the 10 hours it took to deploy the ransomware? Were they even able
to figure out where the backups were located?”

[...]