Lazarus—the North Korean state hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank, and the attacks on Sony Pictures—is looking to expand into the ransomware craze, according to researchers from Kaspersky Lab.
Like many of Lazarus’ early entries, the VHD ransomware is crude. It took the malware 10 hours to fully infect one target’s network. It also uses some unorthodox cryptographic practices that aren’t “semantically secure,” meaning that patterns of the original files remain visible after they’re encrypted. The malware also appears to have taken hold of one victim through a chance infection of its virtual private network.
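To make the “not semantically secure” point concrete, the following is an added illustration, not code from the article or from Kaspersky's analysis, and the article does not say which mode VHD actually uses. It shows the general failure the researchers describe: when a file is encrypted by applying the same deterministic block transform to every block (ECB-style), identical plaintext blocks produce identical ciphertext blocks, so the file's structure (a large run of identical bytes, for example) stays visible. A randomized mode such as CTR hides that. The block cipher here is a toy 4-round Feistel construction over HMAC-SHA256 so the example runs with the standard library only; the key, nonce and sample file are constructed for the demo.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # 128-bit blocks, the same size AES uses


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of (round number, half block)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy block cipher: a 4-round Feistel network (a permutation on 16-byte blocks).
    Deterministic: the same key and block always give the same output."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "demo keeps inputs block-aligned for simplicity"
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block encrypted independently and deterministically.
    Equal plaintext blocks -> equal ciphertext blocks, so structure leaks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt (nonce || counter) to get a keystream block, XOR it with the data.
    Each block gets a unique keystream, so equal plaintext blocks look unrelated.
    Encryption and decryption are the same operation."""
    assert len(nonce) == 8
    out = bytearray()
    for counter, chunk in enumerate(_blocks(data)):
        keystream = block_encrypt(key, nonce + counter.to_bytes(8, "big"))
        out += _xor(chunk, keystream)
    return bytes(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """How many different 16-byte blocks appear in the ciphertext.
    A low number on a large file is the pattern leak the article describes."""
    return len(Counter(_blocks(ciphertext)))


def build_sample_file() -> bytes:
    """Constructed stand-in for a file with a header, a long run of identical
    bytes (think of a solid-colour image region), and a footer: 32 blocks."""
    header = b"HDR constructed!"          # 16 bytes
    body = b"\x00" * (BLOCK * 30)         # 30 identical all-zero blocks
    footer = b"FOOTER".ljust(BLOCK, b"\x00")
    return header + body + footer


def compare_modes(key: bytes = b"constructed-16B!", nonce: bytes = b"nonce-01") -> dict:
    """Encrypt the same sample file in ECB and CTR and report how much structure survives."""
    data = build_sample_file()
    ecb = ecb_encrypt(key, data)
    ctr = ctr_crypt(key, nonce, data)
    assert ecb_decrypt(key, ecb) == data           # sanity: both modes round-trip
    assert ctr_crypt(key, nonce, ctr) == data
    return {
        "plaintext_blocks": len(_blocks(data)),
        "ecb_distinct_blocks": distinct_blocks(ecb),   # 3: header, zero-run, footer
        "ctr_distinct_blocks": distinct_blocks(ctr),   # 32: every block unique
        "ecb_repeats_on_reencrypt": ecb_encrypt(key, data) == ecb,   # True: deterministic
    }


if __name__ == "__main__":
    for k, v in compare_modes().items():
        print(f"{k}: {v}")
```

With ECB the 30 zero-filled blocks collapse to one repeated ciphertext block, so anyone holding only the ciphertext can still see where the file's uniform region begins and ends, and encrypting the same file twice gives byte-identical output. CTR yields 32 distinct blocks and a different ciphertext per nonce, which is the property a semantically secure scheme is expected to have.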