FBI recovers over 500k from N. Korean state-sponsored hacks of hospitals

by mcardinal

Matt Bush, FISM News


The Department of Justice (DOJ) and FBI recovered over half a million dollars after disrupting a North Korean state-sponsored hacking group. The ransomware that the cyber terrorists used specifically targeted hospitals and public health organizations across the U.S., disrupting the health care of thousands of individuals.

In a news release from the DOJ, Deputy Attorney General Lisa Monaco said, “Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui.’”

Unlike other organizations that were targeted, a Kansas hospital reported the cyber-crime to the FBI, which in turn identified a “never-before-seen” Maui ransomware. The attack focused on encrypting hospital files and servers, which left needed documents and records unavailable to hospital employees. After not being able to access their computers and equipment for over a week, the hospital agreed to pay the hackers $100,000 in Bitcoin to regain control of their network.

According to the DOJ release, the FBI was also able to trace “Maui” back to state-sponsored North Korean hackers and then trace the cryptocurrency payment to a group of China-based money launderers.

After tracing the cryptocurrency to the money launderers, the FBI observed an additional $120,000 ransom paid by a hospital in Colorado, and both Bitcoin payments were seized by the FBI. The hospital in Colorado was hacked by the same “Maui” ransomware strain but never reported the hack to the FBI.

While delivering the keynote speech at the International Conference on Cyber Security (ICCS), Monaco addressed common concerns that those who fall prey to these attacks have.

“As the private sector faces cyber threats, inevitable questions will arise: Why should we go to law enforcement? Where are the benefits? What’s in it for me and my company?” Monaco stated.

Many private sector organizations refuse to report cyberattacks to the FBI or any other government agency for a variety of reasons. The FBI, in their annual Internet Crime Report (ICR) for 2021, reported 847,376 complaints of suspected internet crime with reported losses exceeding $6.9 billion. As CSO Online reports, however, as few as 15% of cyber crimes are reported to the FBI.

Bad publicity, further disruptions, and conflicting priorities are reasons companies choose to keep cybersecurity issues in-house. Often, the company’s main priority is to recoup losses while keeping any breach as quiet as possible. Law enforcement, on the other hand, wants to prosecute criminals and stop them from future attacks regardless of the consequences to the company.

Monaco addressed these concerns in her Tuesday address. “The answer is that if you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action. We can follow the money and get it back. We can help prevent the next attack, the next victim; and we can hold cybercriminals accountable,” Monaco said. “The bottom line is this: we are all in this together. It is bad for companies and bad for America if we don’t work together on these issues.”