DOJ recovers ransom paid to North Korean hackers targeting health care

Jul 20, 2022 - 04:00 PM
Cybersecurity lock in cloud with finger tapping on it.

The Justice Department has recovered about $500,000 in ransom that a Kansas hospital and Colorado medical provider paid to state-sponsored North Korean hackers, the agency announced yesterday.

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui,’” said Deputy Attorney General Lisa O. Monaco yesterday at the International Conference on Cyber Security. “Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”

Federal agencies this month recommended U.S. health care organizations take certain actions to protect against the Maui ransomware threat.

“The Maui ransomware identification and funds seizure is a great example of how important it is for hospital and health system victims of cyberattacks to engage in timely and active cooperation with the FBI,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Not only did it assist the individual victims, but it also provided critical pieces of the intelligence ‘puzzle’ for the FBI. This allowed the FBI to inflict some consequences on the Maui bad actors and prevent additional attacks against health care by disseminating actionable intelligence to the field on the threat. Make no mistake, the Maui ransomware not only represents a threat to health care, but it also represents a national security threat. The North Korean regime, a designated state sponsor of terrorism, has a history of engaging in global criminal activity to fund its own illicit activities, including its nuclear weapons program. The American Hospital Association works very closely with the FBI on the local and national level to exchange cyber threat information, and we encourage all hospitals and health systems to develop working relationships with their local FBI and CISA offices — before becoming a victim of a cyberattack.”

For more information on how to connect with the FBI and Cybersecurity & Infrastructure Security Agency or on other cybersecurity and risk topics, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Tactics by Scattered Spider cybercriminals highlighted in joint advisory 
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
Microsoft says China-based threat actors behind SharePoint attacks 
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
Agencies warn of activity by Interlock ransomware
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks 
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
AHA blog: Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…