In a nutshell: The FBI and two other agencies have issued a warning that state-sponsored North Korean hackers are attacking U.S. healthcare organizations with ransomware. Attacks have taken place in the past year, often interrupting vital medical services for “extended periods.”

- Advertisement -

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury released joint warning provide information about Maui ransomware that has been infecting healthcare and public health (HPH) organizations since at least May 2021.

- Advertisement -

Like other ransomware, Maui encrypts the infected system’s files with 128-bit AES encryption. In this case, the targets are servers responsible for medical services. Areas affected include electronic health records, diagnostics, imaging, and the intranet.

The agencies published technical details about Maui in a bulletin, including indicators of compromise, using industry analysis of a ransomware sample. The notice also includes a list of mitigation measures such as disabling network device management interfaces, updating software, and maintaining offline data backups.

- Advertisement -

Health organizations a popular goal for extortionist groups, as it is assumed that they are more likely to pay ransoms when the lives of patients are potentially in danger. BUT lawsuit last year it was claimed that a child died in a hospital due to a ransomware attack.

As always, the government advises victims not to pass any payments to hackers as there is no guarantee that they will unlock the files.

North Korea has long been known to use illicit cryptocurrencies such as the $615 million Ronin network. hackto fund its nuclear weapons program. However, the crypto winter, when prices plummeted, got me thinking.affected the cost ill-earned income of the hermit country. The accident also forces many extortionist gangs expand into traditional forms cybercrime where they can earn dollars instead of cryptocurrencies with price fluctuations.

Head credit: Andrey_Popov