The software security company Kaspersky suspects that a North Korean hacker group is behind attacks with “ransomware”, i.e. ransom software, in Europe and Asia. Kaspersky announced this on Tuesday. According to the announcement, the company was able to attribute two attacks in March and April this year to the “Lazarus” group. The group acts on its own behalf, but is presumably supported by the North Korean state.

David Kampmann

“We knew that Lazarus’ activities were always geared towards financial gain,” said Ivan Kwiatkowski, security researcher with Kaspersky’s Global Research and Analysis Team (GReAT). Since WannaCry, a malware program that was used for a worldwide cyber attack in May 2017, there have been no activities by the group that can be related to ransom software. The group used a so-called VHD ransomware in its attacks. This is characterized above all by self-replication, i.e. continuous reproduction. The aim is to extort money from victims. Between March and May, Kaspersky experts carried out two independent investigations into the VHD ransom software. In the first incident in Europe, it was not clear who was behind the attacks; however, the chain of infection was tracked in the second attack. Researchers have linked the attacks to the Lazarus group. For example, those behind the attack used a backdoor, a piece of software that provides access to computer systems or to an otherwise protected function of a computer program. Due to similarities in the code and tools, this could be attributed to the Lazarus group.

Kwiatkowski said the group does not achieve the effectiveness of other cybercriminals. However, there is concern that the group is planning a new type of attack. The global threat from ransomware is great, and the victims often go bankrupt. In an official announcement, Kaspersky made recommendations to prevent ransomware attacks. For example, employees should be trained to avoid compromises by ransom software and the systems should always be equipped with the latest technology. Above all, however, companies should never respond to payment demands.