Information Security News mailing list archives

North Korea's Lazarus brings state-sponsored hacking approach to ransomware


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 Jul 2020 09:06:56 +0000 (UTC)

https://arstechnica.com/information-technology/2020/07/north-korea-backed-hackers-dip-their-toes-into-the-ransomware-pool/

By Dan Goodin
Ars Technica
July 29, 2020

Lazarus—the North Korean state hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank, and the attacks on Sony Pictures—is looking to expand into the ransomware craze, according to researchers from Kaspersky Lab.

Like many of Lazarus’ early entries, the VHD ransomware is crude. It took the malware 10 hours to fully infect one target’s network. It also uses some unorthodox cryptographic practices that aren’t “semantically secure,” because patterns of the original files remain after they’re encrypted. The malware also appears to have taken hold of one victim through a chance infection of its virtual private network.

In short, VHD is no Ryuk or WastedLocker. Both are known as “big game hunters” because they target networks belonging to organizations with deep pockets and, after gaining entry, strike only after doing days or weeks of painstaking surveillance.

“It’s obvious the group cannot match the efficiency of other cybercrime gangs with their hit-and-run approach to targeted ransomware,” Kaspersky Lab researchers Ivan Kwiatkowski, Pierre Delcher, and Félix Aime wrote in a post. “Could they really set an adequate ransom price for their victim during the 10 hours it took to deploy the ransomware? Were they even able to figure out where the backups were located?”

[...]