North Korea has new ransomware aimed at large companies. The hacker group reported to be allied with the North Korean regime has increased its extortion cases in 2020.
“Lazarus”, the North Korean hacker group, has been targeting cryptocurrency exchanges since 2019. In one known attack, the group built an imitation trading bot and offered it to employees of the DragonEx exchange. In March 2019, the group stole approximately $7 million in cryptocurrency from that exchange.
Cyfirma, a cybersecurity vendor, warned back in June about a crypto phishing campaign to be launched by the North Korean group Lazarus. The campaign was expected to target six nations and 5 million businesses and individuals. However, as of today there are still no confirmed signs that the attack has gone ahead.
Back in early 2017, the group was reported to have stolen up to $571 million worth of cryptocurrency. In March 2019, the United States Department of the Treasury’s Office of Foreign Assets Control accused two Chinese nationals of laundering cryptocurrency taken in a 2018 crypto exchange hack.
Kaspersky, the antivirus maker and malware lab, announced on July 28 new ransomware created by Lazarus. VHD, or Virtual Hard Disk, is the emerging threat that targets companies’ internal networks in the economic sector.
James McQuiggan, security awareness advocate at KnowBe4, explained more about VHD. He said:
“A VHD, or Virtual Hard Disk, is a similar concept to that of a USB drive. Instead of physically inserting the USB drive into the port on a computer, the VHD file can be downloaded onto a system to launch the ransomware attack process. Cybercriminals don’t need physical access, just electronic access to download the file. This type of attack requires access to the systems. By exploiting external and vulnerable infrastructure or systems, they gain the access needed.”
The group is known for breaching a company’s network and encrypting its data. It then demands a cryptocurrency ransom, preferably paid in Monero (XMR).