The Wanna Cry ransomware worm that recently ravaged computers across 150 countries appears to mark a change in tactics for hacking outfit Lazarus Group, researchers from Symantec (SYMC) say.
Associated with North Korea, the group is credited with the massive hack of Sony (SNE) in 2014 and with stealing $81 million from the Bangladesh central bank last year. Sticking up businesses for $300 to $600 per PC is a little downmarket.
"We now see them for one reason or another indulging in common cyber crime," said Vikram Thakur, technical director at Symantec. He said that elements of the Wanna Cry attacks show strong links to Lazarus.
"This is highly unusual and we have never seen this, diverging from activity that is commonly attributed to national state attackers," Thakur said.
Groups affiliated with governments conduct espionage, steal intellectual property, shut down groups or organizations they oppose and siphon money from non-commercial banks. Lazarus is known for conducting extensive research on targets before striking, Thakur added, as the group did with the attacks on Sony and the attacks on the central bank of Bangladesh.
"It's possible some members of the Lazarus Group splintered away from the core group," he suggested, and were acting for their own personal benefit. "We ourselves are in uncharted territory."
On May 12, the Wanna Cry attacks began to hit PCs of organizations that had not applied security patches to some versions of Microsoft (MSFT) Windows. The scourge paired ransomware that encrypts computers and demands payment with a worm that enabled it to spread quickly. While ransomware and worms are not new, Thakur said, combining them is novel.
Though Lazarus may be displaying new tactics, Thakur suggested the cyber security game plan remains the same. Companies should deploy layered security, which ranges from having a security policy to filtering email and web traffic to backing up and archiving.
"Reduce the timeline for updating applications and operating systems," Thakur said. "Make sure you are backing up as well as testing the validity of your own backups periodically."