Why North Korea Ransomware Attacks Target U.S. Health Care Providers

WASHINGTON – MARCH 09: The seal of the F.B.I. hangs in the Flag Room at the bureau’s headquaters … [+] March 9, 2007 in Washington, DC. F.B.I. Director Robert Mueller was responding to a report by the Justice Department inspector general that concluded the FBI had committed 22 violations in its collection of information through the use of national security letters. The letters, which the audit numbered at 47,000 in 2005, allow the agency to collect information like telephone, banking and e-mail records without a judicially approved subpoena. (Photo by Chip Somodevilla/Getty Images)

Getty Images

The U.S Department of Justice (DOJ) announced this week that around $500,000 in BitcoinBTC
has been seized from North Korean threat actors who were using Maui ransomware to attack healthcare organizations in the United States. DOJ filed a complaint in the District of Kansas asking for the forfeiture of the Bitcoin be returned to the victims of the attacks which were healthcare providers in Kansas and Colorado.

The attacks caused extensive disruption to IT systems and medical services and put patient safety at risk. The new ransomware variant was discovered during an investigation of a ransomware attack on a hospital in Kansas in May 2021. The Kansas provider had alerted the FBI when the ransomware occurred. As a result, the FBI was able to observe a $120,000 bitcoin payment into one of the seized accounts that was separately being paid by the health care provider in Colorado.

Young Asian male frustrated, confused and headache by ransomware attack on desktop screen, notebook … [+] and smartphone, cyber attack and internet security concepts

getty

The attack was traced to a North Korean hacking group that is suspected of receiving backing from the DPRK. The Kansas hospital had its servers encrypted, preventing access to essential IT systems for more than a week. The hospital paid a ransom of $100,000 for the keys to decrypt files and regain access to its servers and promptly.

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying…

Source…