The latest reports reveal that new ransomware from North Korea is now targeting major companies. An elite group of hackers linked to the North Korean government has kept its crypto extortion activities going in 2020.
The North Korean hacker group is known by the name ‘Lazarus’, and it targeted multiple crypto exchanges in 2019. Its activities were documented in a report published by Chainalysis.
One of the notable attacks involved the creation of a phony trading bot, which was given to employees of the DragonEx exchange. The findings reveal that in March 2019, the hackers managed to steal around $7 million in various cryptocurrencies from the Singapore-based exchange.
In June, cybersecurity vendor Cyfirma warned of a possible massive crypto phishing campaign by the North Korean cybercriminal group. That campaign would supposedly target six countries and more than five million companies and individuals.
For now, there are no confirmed signs that the hackers plan to carry out such a widespread attack.
Authorities Have Sanctioned Collaborators
The hacker group is also known to have stolen a total of $571 million in cryptocurrencies since early 2017, according to a study conducted by cybersecurity company Group-IB.
In March this year, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals who were accused of laundering crypto that originated from a 2018 cryptocurrency exchange hack.
A New Ransomware Arises
Research published on July 28 by antivirus maker and malware lab Kaspersky reported that a new ransomware had been developed by Lazarus. The new threat goes by the name VHD, and it mainly targets the internal networks of firms operating in the financial sector.
James McQuiggan, security awareness advocate at KnowBe4, explained to reporters how the VHD ransomware works:
“A VHD, or Virtual Hard Disk, is a similar concept to that of a USB drive. Instead of physically inserting the USB drive into the port on a computer, the VHD file can be downloaded onto a system to launch the ransomware attack process. For cybercriminals, they don’t need physical access, just electronic access to download the file. This type of attack requires access to the systems. By exploiting external and vulnerable infrastructure or systems, they gain the access needed.”
A Group Operating Solo Ops
Kaspersky experts speculated on the likely reasons behind Lazarus’s decision to run solo operations:
“We can only speculate about the reason why they are now running solo ops; maybe they find it difficult to interact with the cybercrime underworld; or maybe they felt they could no longer afford to share their profits with third parties.”
Lazarus mostly attacks a company’s network with the aim of encrypting its data. Once successful, the group demands a crypto-based ransom from the victim, and in many cases it prefers payment in Monero (XMR).