Incident analysis by Kaspersky of two cases in Europe and Asia has uncovered that VHD ransomware – first discussed in public in spring 2020 – is owned and operated by Lazarus, a prominent APT group. The move by Lazarus to create and distribute ransomware signifies a change of strategy and indicates a willingness to engage in big game hunting in pursuit of financial gain, which is highly unusual among state-sponsored APT groups.
Read more on Kaspersky.
If a private company is hit with VHD ransomware, will it have to consider that by paying any ransom, it is paying a country that is an enemy of the U.S., a country that might use the ransom funds to develop nukes used to attack the U.S.?
The government has tried to discourage entities from paying ransom or extortion demands. But would they actually crack down to prevent it in a case like this? And would you really want them to?