VHD Ransomware Linked to North Korea’s Lazarus Group
Security researchers at Trellix discovered new VHD ransomware linked to North Korea’s Lazarus group. Although the researchers suspect that the malware has been around since March 2020, it had never before been attributed to a specific group. Researchers at Trellix examined source code and Bitcoin transactions to link the ransomware to the Lazarus group. The threat actor group has been widening the scope of its attacks, leveraging ransomware for financial gain against targets in the Asia-Pacific region. Trellix stated that the VHD ransomware shares source-code similarities with other malware previously tied to the North Korean hacking group.
Trellix has been tracking attacks on financial institutions conducted by a threat actor believed to be North Korea’s cyber army, including the Lazarus Group, for the past several years. The group is known for its sophisticated money-laundering schemes and attacks against the cryptocurrency market to raise money for its government. Lazarus has also been utilizing ransomware for at least a year.