According to the US government, state-sponsored North Korean hackers have been targeting healthcare providers since at least May 2021. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department have issued a joint advisory warning healthcare organizations about the attackers’ MO. Apparently, they used ransomware called Maui to encrypt healthcare organizations’ computers and then demanded payment from victims to have their networks unblocked. The agencies’ alert includes information about Maui, including its indicators of compromise and the techniques the bad actors are using, which they derived from a sample obtained by the FBI.
Authorities said the attackers blocked electronic health record services, diagnostic services, imaging services and intranet services of healthcare providers, among others. In some cases, the attacks kept vendors off their systems and disrupted the services they were providing for long periods of time.
According to the agencies, once inside the victim’s network, the malware is manually executed by a remote actor. The agencies “strongly advise against” paying ransom, as it does not ensure that the bad actors will give victims the keys to unlock their files. However, authorities concede that the attackers will most likely continue to target healthcare organizations. “The North Korean state-sponsored cyber actors probably assume that health organizations are willing to pay ransom because these organizations provide services that are critical to human life and health,” they said.
Authorities are now urging healthcare providers to adopt mitigation techniques and prepare for potential ransomware attacks by installing software updates, maintaining offline data backups, and developing a basic cyber incident response plan. For those wondering what happens to the funds North Korea receives from such operations, earlier this year a United Nations report revealed that the country has been using cryptocurrency stolen by state-sponsored hackers to boost its nuclear and… fund ballistic missile programs.
Healthcare providers have been a prime target for ransomware attackers for quite some time, especially since the beginning of the pandemic. In 2020, the FBI and CISA issued a joint alert warning hospitals and healthcare providers that they could become the target of a ransomware attack. Russian-speaking criminal gang UNC1878 and other attackers targeted health organizations at the height of the pandemic, leaving some victims with no choice but to comply with their demands while struggling to save lives.
https://www.engadget.com/north-korea-hackers-ransomware-healthcare-providers-feds-warn-062002915.html?src=rss North Korean hackers are using ransomware to attack healthcare providers, feds warn