Lazarus Group Shifts Gears with Custom Ransomware
North Korean advanced persistent threat (APT) group called Lazarus has emerged with new custom ransomware first spotted by Kaspersky in attacks against two organizations in March and April of this year. Researchers who have been observing the group’s actions state that the strain of ransomware utilized in the attacks is not well known and indicates that the group is shifting its strategy.
The ransomware is VHD ransomware and was leveraged against two targets, one in France and one in Asia. Both targets are large companies in different industries, according to Kaspersky researchers. The ransomware strain was the only main factor tying the two attacks together, and analysts noticed several cyberattack characteristics that were attributed to Lazarus Group.