Security News > 2022 > July > Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year.

A group tracked by researchers from Microsoft Threat Intelligence Center as DEV-0530 but that calls itself H0lyGh0st has been developing and using ransomware in attacks since June 2021.

On its website, H0lyGh0st claims that it won't sell or publish victim data if they pay, researchers said.

H0lyGh0st's ransomware campaigns are financially motivated, with researchers observing text linked to a ransom note that they intercepted in which attackers claim they aim to "Close the gap between the rich and poor," researchers said.

Since it began using ransomware in June 2021 and until May 2022, H0lyGh0st has employed two custom-developed malware families-SiennaPurple and SiennaBlue, researchers said.

Though new Go functions have been added to the various variants over time, all the ransomware in the SiennaBlue family share the same core Go functions, researchers observed.

News URL

https://threatpost.com/h0lygh0st-ransomware-north-korea/180232/