Lazarus, a cyber criminal clique linked to North Korea, seems to have developed and operated VHD ransomware.

Cyber security experts say this move indicates its readiness to enter the big hunt for financial gain, which is highly unusual among the APT (Advanced Persistent Threat) groups that Lazarus belong to.

VHD ransomware is designed to extort money from its victims after luring them into opening malicious links. Cyber security experts at Kaspersky connect this variant of ransomware to Lazarus after they found the group’s niche tools in the attacks against businesses in France and Asia.

This is also the first time it has been established that the Lazarus group has resorted to targeted attacks for financial gain, having created and solely operated its own ransomware, which is not common in the cybercrime ecosystem.

“We have seen in the past of Lazarus' interest in running their operations in the Asia-Pacific region. Every attack was designed to exploit the vulnerabilities in the systems, which helped them achieve their goals effortlessly,” Stephan Neumeier, Managing Director of Kaspersky Asia-Pacific, has said.

“It is time for us to move from cyber security to achieving cyber immunity,” he added.


He asked the organisations to reduce the chance of ransomware getting through via phishing and negligence. “Explain to employees how following simple rules can help a company avoid ransomware incidents. Dedicated training courses can help,” he said.

“You must ensure all software, applications, and systems are always up to date. Companies must carry out a cybersecurity audit of their networks and remediate any weaknesses discovered,” he said.

“If you become a victim, never pay the ransom. Report the incident to your local law enforcement agency,” he said.