US DOJ Seizes $500,000 From North Korean Hackers Who Targeted US Medical Providers

Medical providers were attacked by a ransomware strain called Maui.


Highlights
  • In recent years, ransomware attacks have grown in frequency
  • In 2021, a Kansas medical center paid $100,000 in Bitcoin ransom
  • The North Korean hackers targeted mostly medical providers

The US Justice Department has seized about $500,000 (roughly Rs. 4 crore) from North Korea-backed hackers using ransomware, Deputy Attorney General Lisa Monaco announced in a statement. Monaco, who leads the Justice Department's agencywide efforts to combat cyberthreats, said the North Korean group hacked a Kansas hospital's system in 2021 and demanded a ransom, threatening to cripple the center's servers if their demands were not met. The hospital's staff paid the ransom after the cyber criminals threatened to double the amount within 48 hours, the statement said.

"Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as 'Maui,'" Monaco said.

The hackers, she said, used a strain of malware known as Maui to encrypt a Kansas-based hospital's servers and files, demanding a ransom payment in exchange for the key to unlock the data. The attack took place in May 2021.

"In that moment, the hospital's leadership faced an impossible choice: Give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care," Monaco said.

After failing to regain access to their servers for more than a week, the hospital paid the hackers about $100,000 (roughly Rs. 80 lakh) in Bitcoin. But the medical center also notified the FBI, allowing federal investigators to identify the malware and trace this and other ransom payments to Chinese money launderers that help North Korean cybercriminals convert cryptocurrency into fiat currency, the Justice Department said.

"Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain," Monaco said.

One previously unknown victim was a Colorado-based hospital, according to court documents. The unidentified hospital made a ransom payment of about $120,000 (roughly Rs. 96 lakh) into one of the cybercriminals' two cryptocurrency accounts in April 2022, court documents show.

In recent years, ransomware attacks have grown in frequency, with cybercriminals attacking schools, hospitals and local governments, among other victims.

In its latest annual threat assessment, the US intelligence community warned in February that cyber criminals "are increasing the number, scale, and sophistication of ransomware attacks, fueling a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide."


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.