Lazarus hackers, a notorious group of cybercriminals allegedly linked with the North Korean government, have kept their cryptocurrency extortion efforts active in the first half of 2020. Reports that emerged on July 28 reveal that new ransomware from North Korea is now designed to target big companies around the world.

In 2019, the hackers targeted many crypto exchanges, and their illegal activities were published in a report by Chainalysis. One of their major attacks involved the development of a fictitious trading bot, which was delivered to employees working at the DragonEX exchange.


According to the findings acquired in March 2019, Lazarus hackers managed to steal almost $7 million in various crypto denominations from the Singapore-based exchange.

Last month, cybersecurity vendor Cyfirma warned that there is a high likelihood that the North Korean cybercriminal group will launch a major cryptocurrency phishing campaign. The campaign might target six countries and affect over five million individuals and companies.

But for now, there are no confirmed signs that the Lazarus hackers plan to launch the major widespread attack.

Collaborators Sanctioned

The Lazarus group is also known to have successfully stolen $571 million in cryptos since the start of 2017, according to Group-IB. Data from Group-IB indicates that most of the targeted exchanges are based in South Korea. They include Bithumb, YouBit, and Coinrail.


In March 2020, the US Department of the Treasury’s Office of Foreign Assets Control, or OFAC, decided to sanction two individuals from China. These Chinese nationals faced allegations of laundering cryptocurrency that had come from a 2018 crypto exchange hack.

A New Ransomware Is Developed By Lazarus

Research performed by Kaspersky, whose findings were published on July 28, 2020, indicates that Lazarus has developed new ransomware. This new threat goes by the name Virtual Hard Disk (VHD) malware. It is designed to primarily target the internal networks of companies that operate in the economic sector.

VHD implements a mechanism to resume its activities whenever the encryption process is interrupted. When the files involved are bigger than 16MB, the ransomware keeps all the current cryptographic data on the hard drive, in cleartext. That information is not deleted securely afterward, which means that there might be a possibility of recovering some of these files.


James McQuiggan, who works as the security awareness advocate at KnowBe4, highlighted how the VHD ransomware operates:

“A VHD, or Virtual Hard Disk, is a similar concept to that of a USB drive. Instead of physically inserting the USB drive into the port on a computer; the VHD file can be downloaded onto a system to launch the ransomware attack process. For cybercriminals, they don’t need physical access, just electronic access to download the file. This type of attack requires access to the systems. By exploiting external and vulnerable infrastructure or systems, they gain the access needed.”

The data acquired by Kaspersky tends to suggest that the VHD ransomware is not entirely a commercial off-the-shelf product. Since the Lazarus group is the only owner of the MATA framework, the VHD ransomware is also owned, managed, and operated by the hackers.

Lazarus Hackers’ Group Operating Solo Ops

Experts at Kaspersky speculated on the possible reasons behind Lazarus’s decision to operate solo ops:

“We can only speculate about the reason why they are now running solo ops; maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”


The Lazarus hackers group mainly attacks company networks with the aim of encrypting their data. After a successful attack, they force the victim to send a crypto-based ransom, and in most cases they ask for Monero (XMR) payments.

About the author

Wanguba Muriuki is an Editor at Large for E-Crypto News and author of the book- "The Exploitative Intrigues of Cryptocurrency Scams Explained." He is also a passionate creator who sees every aspect of life from a written perspective. He loves Blockchain, Cryptocurrency, Technology, and Traveling. He is a widely experienced creative and technical writer. Everything and everyone is describable. The best description is written.
