The activities of a hacking group that was sponsored by the North Korean government and that targeted hospitals in the United States with ransomware were recently disrupted by the FBI and the Justice Department, which ultimately led to the recovery of a half a million dollars in ransom payments and cryptocurrency, as stated by the Deputy Attorney General Lisa Monaco on Tuesday.
During a speech in which she encouraged organisations that had been hit by ransomware to report the crime to law enforcement, Monaco disclosed new details of the attacks. She did this for two reasons: first, so that officials can investigate, and second, so that officials can assist victim companies in attempting to get ransom payments back.
According to Monaco, in this particular instance, a Kansas hospital that was hit by ransomware last year and paid a ransom also alerted the FBI. The FBI followed the payment and found money launderers headquartered in China who supported North Korean hackers in paying out the criminal earnings. The FBI was successful in recovering a half million dollars, which included the whole ransom money that was made by the hospital.
During the International Conference on Cyber Security that was organised by Fordham University, Monaco made the following statement: “If you report that attack, if you disclose the ransom demand and payment, and if you work with the FBI, we can take action.” “We can track the money and get it back; we can help prevent the next attack and the next victim; and we can hold cybercriminals responsible.” “We can help prevent the next attack and the next victim.”
The year 2021 saw a spate of high-profile ransomware attacks in the United States. These attacks, in which hackers encrypt or lock up a victim’s data and demand exorbitant sums to return it, included one that targeted an essential fuel pipeline on the East Coast. U.S. officials were forced to scramble to respond to these attacks. Even while the rate of strikes on such a huge scale that make the top page seems to have slowed down, smaller targets like hospitals are still being hit.
Christopher Wray, the Director of the FBI, spoke at the same conference and mentioned that a particular challenge is the fact that ransomware, which was once primarily the domain of run-of-the-mill cyber criminals looking to extort cash, is now increasingly being deployed by adversarial governments that are eager for destruction.
This specific strain of ransomware, which goes by the name “Maui,” focused its attention only on healthcare facilities and government agencies located all around the nation.
The authorities from the Justice Department claim that the assault on the Kansas hospital, which they did not name, took place in May 2021 when hackers encrypted the data and systems at the medical institution. In order to regain access to its data, the medical centre forked over around 100,000 BTC.
The agency said that in addition to retrieving the money from the hospital in Kansas, it also recovered a payment from a health care provider in Colorado that had been impacted by the same Maui ransomware version. Both of these providers were located in the same state.