US Recovers $500,000 From North Korea-Backed Hackers Targeting Hospitals
The U.S. Department of Justice said on July 19 that it seized about $500,000 in cryptocurrency that two American medical centers had paid to North Korean state-backed hackers after a ransomware attack.
Deputy Attorney General Lisa Monaco said the seized funds include ransoms paid by health care providers in Kansas and Colorado in 2021 and 2022, according to a statement issued by the Justice Department.
According to court documents unsealed on July 19, the Kansas hospital paid the hackers about $100,000 in bitcoin after being unable to access encrypted servers for more than a week.
The hospital notified the FBI, which traced the payment and identified China-based money launderers who assisted North Korean state-sponsored hackers in converting the money.
The FBI also found that a medical provider in Colorado paid a ransom to the hackers, who used the Maui ransomware to encrypt the medical center’s servers. Authorities seized the contents of two cryptocurrency accounts following the investigation.
“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,” Monaco said.
According to the advisory, Maui ransomware is operated manually by a remote actor using a “command-line interface” to interact with the malware and to identify files to encrypt.
“These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ransoms in order to regain control of their computer and record systems,” U.S. Attorney Duston J. Slinkard said in the Justice Department’s news release.
The U.S. government has blamed North Korea for a number of high-profile cyberattacks in recent years, including the multimillion-dollar cryptocurrency heist of Axie Infinity, a game in which players can earn cryptocurrency tokens….
The intelligence community warned that Pyongyang, the capital of North Korea, could have the expertise “to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States.”
“Pyongyang is well positioned to conduct surprise cyber attacks given its stealth and history of bold action,” the report reads.
Wed, 07/20/2022 – 17:40