North Korea-linked cyber criminal clique Lazarus developed VHD ransomware: Kaspersky

K V Kurmanath Hyderabad | Updated on July 29, 2020

The research found fresh insights into these widespread and dangerous attacks; the behaviour of cyber criminals in compromised accounts, and how the organisation can make defence strategies accordingly   -

Lazarus, a cyber criminal clique linked to North Korea, seems to have developed and operated VHD ransomware.

Cyber security experts say this move indicates its readiness to enter the big hunt for financial gain, which is highly unusual among the APT (Advanced Persistent Threat) groups that Lazarus belong to.

VHD ransomware is designed to extort money from its victims after luring them into opening malicious links. Cyber security experts at Kaspersky connect this variant of ransomware to Lazarus after they found the group’s niche tools in the attacks against businesses in France and Asia.

This is also the first time it has been established that the Lazarus group has resorted to targeted attacks for financial gain, having created and solely operated its own ransomware, which is not common in the cybercrime ecosystem.

“We have seen in the past of Lazarus' interest in running their operations in the Asia-Pacific region. Every attack was designed to exploit the vulnerabilities in the systems, which helped them achieve their goals effortlessly,” Stephan Neumeier, Managing Director of Kaspersky Asia-Pacific, has said.

“It is time for us to move from cyber security to achieving cyber immunity,” he added.


He asked the organisations to reduce the chance of ransomware getting through via phishing and negligence. “Explain to employees how following simple rules can help a company avoid ransomware incidents. Dedicated training courses can help,” he said.

“You must ensure all software, applications, and systems are always up to date. Companies must carry out a cybersecurity audit of their networks and remediate any weaknesses discovered,” he said.

“If you become a victim, never pay the ransom. Report the incident to your local law enforcement agency,” he said.

Published on July 29, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor