The US Department of Justice announced it seized nearly half a million dollars in cryptocurrency paid last year as ransom by a hospital in Kansas and a medical provider in Colorado to hackers linked to North Korea.
According to court documents, in May 2021, North Korean hackers targeted servers of a medical center in Kansas with a ransomware strain called Maui. The healthcare provider then paid the attackers around $100,000 in Bitcoin to regain access to the encrypted servers. The organization reported the incident to law enforcement authorities, and the FBI was able to identify a new ransomware strain used by North Koreans and ultimately track and seize ransom payments along with cryptocurrency from China-based money launderers working for the North Korean cyber actors.
“The FBI’s investigation confirmed that a medical provider in Colorado had just paid a ransom after being hacked by actors using the same Maui ransomware strain. In May 2022, the FBI seized the contents of two cryptocurrency accounts that had received funds from the Kansas and Colorado health care providers,” the DoJ said.
Earlier this month, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released a joint cybersecurity advisory regarding the North Korean threat to US health care and public health sector organizations, which included indicators of compromise (IoCs) and mitigation recommendations.