The antivirus software maker Kaspersky has reported that it believes the Lazarus group is behind the VHD malware attacks. VHD ransomware has been in the news lately for attacking organisations, and Kaspersky now reports having evidence linking the malware to North Korean-backed hackers.
Kaspersky Links North Korean Hackers to VHD Ransomware
VHD ransomware has hit a few companies lately, and it was deemed difficult to crack and to link to its authors. Now Kaspersky has come out with an analysis stating that the VHD ransomware is a product of the Lazarus Group, a North Korean state-sponsored hacking group.
Kaspersky has listed two findings that led it to believe the Lazarus group is the maker of VHD ransomware:
- The MATA (Dacls) malware framework, of which the Lazarus group is claimed to be the sole owner, was used to deploy VHD as the final payload.
- The techniques the VHD ransomware used to move across a victim’s internal network were seen in past Lazarus attacks.
Besides this, the bigger picture of North Korean hacking also supports this conclusion. As several publications have reported in the past, North Korean state-sponsored hackers are divided into two categories: one group conducts cyber espionage, stealing sensitive and confidential data by hacking companies.
The other uses ransomware strains to steal or hold data for hefty ransom payments, and the VHD ransomware is linked to this second group of hackers. Further, the proceeds from the ransom collections are used to aid the nation’s missions and weapons programs.
The large-scale WannaCry ransomware outbreak of 2017 was also the work of the Lazarus group, researchers say. Several countries have blamed the gang and the country for creating such a strain and unleashing it on global organisations. And now, VHD ransomware is gathering pace against organisations.