US DOJ Seizes $500,000 From North Korean Hackers Who Targeted US Medical Providers
The US Justice Department has seized about $500,000 (roughly Rs. 4 crore) from North Korea-backed hackers using ransomware, Deputy Attorney General Lisa Monaco announced in a statement. Monaco, who leads the Justice Department’s agencywide efforts to combat cyberthreats, said the North Korean group hacked a Kansas hospital’s system in 2021 and demanded a ransom, threatening to cripple the center’s servers if their demands were not met. The hospital’s staff paid the ransom after the cyber criminals threatened to double the amount within 48 hours, the statement said.
“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui,’” Monaco said.
The hackers, she said, used a strain of malware known as Maui to encrypt a Kansas-based hospital’s servers and files, demanding a ransom payment in exchange for the key to unlock the data. The attack took place in May 2021.
“In that moment, the hospital’s leadership faced an impossible choice: Give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care,” Monaco said.
After failing to regain access to their servers for more than a week, the hospital paid the hackers about $100,000 (roughly Rs. 80 lakh) in Bitcoin. But the medical center also notified the FBI, allowing federal investigators to identify the malware and trace this and other ransom payments to Chinese money launderers that help North Korean cybercriminals convert cryptocurrency into fiat currency, the Justice Department said.
“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,” Monaco said.
One previously unknown victim was a Colorado-based hospital, according to court documents. The unidentified hospital made a ransom payment of about $120,000 (roughly Rs. 96 lakh) into one of the cybercriminals’ two cryptocurrency accounts in April 2022, court documents show.
In recent years, ransomware attacks have grown in frequency, with cybercriminals attacking schools, hospitals and local governments, among other victims.
In its latest annual threat assessment, the US intelligence community warned in February that cyber criminals “are increasing the number, scale, and sophistication of ransomware attacks, fueling a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide.”