North Korea’s Lazarus brings state-sponsored hacking approach to ransomware

Enlarge (credit: Aurich Lawson / Getty)

Lazarus—the North Korean state hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank, and the attacks on Sony Pictures—is looking to expand into the ransomware craze, according to researchers from Kaspersky Lab.

Like many of Lazarus’ early entries, the VHD ransomware is crude. It took the malware 10 hours to fully infect one target’s network. It also uses some unorthodox cryptographic practices that aren’t “semantically secure,” because patterns of the original files remain after they’re encrypted. The malware also appears to have taken hold of one victim through a chance infection of its virtual private network.

In short, VHD is no Ryuk or WastedLocker. Both are known as “big game hunters” because they target networks belonging to organizations with deep pockets and, after gaining entry, strike only after doing days or weeks of painstaking surveillance.

Read 8 remaining paragraphs | Comments

from Tech – Ars Technica https://ift.tt/2COW9DB