Why North Korea Ransomware Attacks Target U.S. Health Care Providers

The U.S. Department of Justice (DOJ) announced this week that around $500,000 in Bitcoin has been seized from North Korean threat actors who were using Maui ransomware to attack healthcare organizations in the United States. DOJ filed a complaint in the District of Kansas asking that the Bitcoin be forfeited and returned to the victims of the attacks, which were healthcare providers in Kansas and Colorado.

The attacks caused extensive disruption to IT systems and medical services and put patient safety at risk. The new ransomware variant was discovered during an investigation of a ransomware attack on a hospital in Kansas in May 2021. The Kansas provider had alerted the FBI when the ransomware attack occurred. As a result, the FBI was able to observe a separate $120,000 bitcoin payment, made by the health care provider in Colorado, into one of the seized accounts.

The attack was traced to a North Korean hacking group that is suspected of receiving backing from the DPRK. The Kansas hospital had its servers encrypted, preventing access to essential IT systems for more than a week. The hospital paid a ransom of $100,000 for the keys to decrypt files and regain access to its servers and promptly.

“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying…