DOJ recovers ransom paid to North Korean hackers targeting health care

Jul 20, 2022 - 04:00 PM
Cybersecurity lock in cloud with finger tapping on it.

The Justice Department has recovered about $500,000 in ransom that a Kansas hospital and Colorado medical provider paid to state-sponsored North Korean hackers, .

鈥淭hanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as 鈥楳aui,鈥欌 said Deputy Attorney General Lisa O. Monaco yesterday at the International Conference on Cyber Security. 鈥淣ot only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.鈥

Federal agencies this month recommended U.S. health care organizations take certain actions to protect against the Maui ransomware threat.

鈥淭he Maui ransomware identification and funds seizure is a great example of how important it is for hospital and health system victims of cyberattacks to engage in timely and active cooperation with the FBI,鈥 said John Riggi, AHA鈥檚 national advisor for cybersecurity and risk. 鈥淣ot only did it assist the individual victims, but it also provided critical pieces of the intelligence 鈥榩uzzle鈥 for the FBI. This allowed the FBI to inflict some consequences on the Maui bad actors and prevent additional attacks against health care by disseminating actionable intelligence to the field on the threat. Make no mistake, the Maui ransomware not only represents a threat to health care, but it also represents a national security threat. The North Korean regime, a designated state sponsor of terrorism, has a history of engaging in global criminal activity to fund its own illicit activities, including its nuclear weapons program. The 黑料正能量 Association works very closely with the FBI on the local and national level to exchange cyber threat information, and we encourage all hospitals and health systems to develop working relationships with their local FBI and CISA offices 鈥 before becoming a victim of a cyberattack.鈥

For more information on how to connect with the FBI and Cybersecurity & Infrastructure Security Agency or on other cybersecurity and risk topics, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used鈥
Headline
Agencies release guidance on AI data security聽
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for鈥
Headline
Russian state-sponsored cyber actors targeting tech companies, others聽
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations鈥
Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010鈥
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI鈥檚 Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators鈥
Headline
AHA blog 鈥 3 Must-know Cyber and Risk Realities: What鈥檚 Ahead for Health Care in 2025聽
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as鈥