The US recovered two ransom payments made by the country’s healthcare providers.
The FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying the Maui ransomware.
“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,” said Deputy Attorney General Lisa O. Monaco.
In May, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms paid by health care providers in Kansas and Colorado.
According to court documents, malicious hackers used a ransomware strain called Maui to encrypt the files and servers of a medical center in the District of Kansas. The affected hospital paid approximately $100,000 in Bitcoin to regain the use of their computers and equipment.
In April 2022, the FBI observed an approximately $120,000 Bitcoin payment into one of the seized cryptocurrency accounts. The payment was made by a medical provider in Colorado.
In May 2022, the FBI seized the contents of two cryptocurrency accounts that had received ransoms, and the District of Kansas then began proceedings to forfeit the hackers’ funds and return the stolen money to the victims.
“These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ransoms in order to regain control of their computer and record systems,” said US Attorney Duston J. Slinkard for the District of Kansas. “What these hackers don’t count on is the tenacity of the US Justice Department in recovering and returning these funds to the rightful owners.”
In July, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and US Treasury issued a joint statement saying cybercriminal groups linked to the rogue state have been using Maui ransomware to attack healthcare and public health organizations in the US.
The ransomware attacks have been ongoing since at least May 2021, and targeted electronic health records and diagnostic and imaging services. In some cases, services provided by victim organizations were “disrupted for prolonged periods,” the agencies added.
“The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks,” added CISA.