It is referred to as an “advanced persistent threat” and has been fingered in some very sophisticated operations, including an attempt to breach the security of dozens of banks this year, an attack on the Bangladesh central bank that netted $81 million last year, the 2014 Sony wiper hack and DarkSeoul, which targeted the South Korean government and businesses.
“The Lazarus Group’s activity spans multiple years, going back as far as 2009,” Kaspersky Labs said in a report last year. “Their focus, victimology, and guerrilla-style tactics indicate a dynamic, agile and highly malicious entity, open to data destruction in addition to conventional cyberespionage operations.”
But some experts see the latest attack as an anomaly.
WannaCry infected more than 200,000 systems in more than 150 countries with demands for payments of $300 in Bitcoin per victim in exchange for the decryption of the files it had taken hostage. Victims received warnings on their computer screens that if they did not pay the ransom within three days, the demand would double. If no ransom was paid, the victim’s data would be deleted.
