Kaspersky: North Korea uses ransomware against companies

The hackers’ tools and techniques point to the North Korean Lazarus Group. Among other things, they spread the VHD ransomware via the MATA malware framework, which is used exclusively by the Lazarus hackers.

Kaspersky claims to have unmasked the backers of a new ransomware variant called VHD. When analyzing two incidents, the company’s researchers found tools and techniques that connect to the Lazarus Group, hackers who are said to work for the government of North Korea.

Flag of North Korea (Image: Public Domain)

According to the analysis, the hackers penetrated the networks of two companies and left the VHD ransomware there. To deliver the ransomware, they used the MATA (Dacls) malware framework, which is also used by Lazarus. In addition, the techniques used to spread the malware within the network were most recently observed in Lazarus campaigns.

“The data available to us suggests that VHD ransomware is not an off-the-shelf commercial product; and as far as we know, the Lazarus Group is the sole owner of the MATA framework. Therefore, we come to the conclusion that the VHD ransomware is also on Lazarus’ account and operated by them,” said the Kaspersky report.

The approach also fits with previous operations by North Korean hackers. These fall into two categories: cyber espionage and attacks aimed at generating revenue for the government.

The Lazarus Group is also held responsible for cyber attacks on banks, the theft of cryptocurrencies and the operation of crypto-mining botnets. The hackers are also accused of attacks on ATMs and of stealing credit card data and selling it in relevant forums. Their portfolio further includes penetrating corporate networks, stealing data and threatening to publish it if no ransom is paid.

However, according to Kaspersky, VHD is the first foray into ransomware that has been attributed to the Lazarus Group, a development that is not surprising in itself, since ransomware is one of the most lucrative business models in cybercrime.

Western intelligence agencies believe, however, that WannaCry was an attack wave by North Korean hackers that got out of control. According to Kaspersky, VHD is better programmed than WannaCry. And so far, the ransomware has only been used against a few selected targets that should be able to pay a high ransom.
