In a nutshell: The FBI and two other agencies have issued a warning that state-sponsored North Korean hackers are targeting US healthcare organizations with ransomware. The attacks have been taking place over the past year, often disrupting vital health services for “prolonged periods.”
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury issued the joint warning to provide information on the Maui ransomware that has been infecting Healthcare and Public Health (HPH) Sector organizations since at least May 2021.
Like other ransomware, Maui encrypts an infected system’s files with AES 128-bit encryption. In this case, it’s the servers responsible for healthcare services that are targeted. Impacted areas include electronic health records, diagnostics, imaging, and intranet.
The agencies published technical details of Maui in the advisory, including indicators of compromise, drawn from an industry analysis of a sample of the ransomware. The notice also includes a list of mitigations, such as turning off network device management interfaces, keeping software up to date, and maintaining offline data backups.
Healthcare organizations are a popular target for ransomware gangs as it’s assumed they’re more likely to pay ransoms when patients’ lives are potentially at risk. A lawsuit last year claimed a baby died at a hospital due to a ransomware attack.
As always, the government advises victims not to hand over any payments to the hackers as there’s no guarantee they’ll unlock the files.
North Korea has long been known to use cryptocurrency obtained through illegal means, such as the $615 million Ronin network hack, to fund its nuclear weapons program. However, the crypto winter that has seen prices take a nosedive has impacted the value of the hermit country’s ill-gotten gains. The crash is also forcing many ransomware gangs to expand into traditional forms of cybercrime where they can earn dollars instead of price-fluctuating crypto.