A new report has been published revealing details about the dangerous VHD Ransomware, which is believed to have been created by the Lazarus Group, a collective from North Korea. What is known about the intrusions is that advanced tactics have been used to carry out the infections.
The Lazarus Group From North Korea May Be The One Behind The VHD Ransomware
The VHD Ransomware is known to carry out widespread attacks against selected targets. The intrusions have been carried out using a complex infection technique. According to the research on the collected samples, the hackers are using two distinct methods to deploy the dangerous ransomware:
- The Use of The DACLS Malware Framework — The criminals appear to have used a cross-platform version or a Mac equivalent of the Dacls framework. This was originally a standalone Trojan which was first launched back in December 2019. The first major attack campaign focused on Chinese users and included a trojanized two-factor authentication application called MinaOTP. Using this complex infection sequence, the VHD Ransomware can be deployed to the infected victims.
- Network Worm Approach — The ransomware can also be deployed by another malware strain which has already penetrated the internal network of the target host computer.
The first detected VHD Ransomware samples were spread in Europe. These early samples did not show any code snippets taken from other well-known threats. The hackers have implemented several noteworthy features in the virus, one of which is a resume operation: if the encryption is interrupted for some reason, the ransomware resumes its work at a convenient later time.
The complex infection technique matches the known workings of the North Korean Lazarus Group, both in the type of malware used and in the way it propagates to the target hosts. In one of the detected samples the researchers discovered that a network backdoor had been used to open a connection to the hacking group, which then used it to deploy the ransomware.
Security researchers are also comparing the VHD Ransomware with the infamous WannaCry virus – the consensus is that VHD is much better coded and includes many improvements over other malware of this generation.