North Korean hackers attack hospitals with ransomware
Hackers backed by the North Korean government have targeted numerous healthcare organizations with ransomware, in some cases disrupting healthcare services for “extended periods”, the FBI and other US agencies warned on Wednesday.
According to the FBI, a strain of ransomware targeting the US healthcare industry is linked to North Korean state-sponsored hackers. The United States today issued an alert about the active use of the “Maui” ransomware, which the FBI has been investigating for a year. In some cases, the attacks caused major outages and delays among healthcare providers.
The Cybersecurity and Infrastructure Security Agency (CISA) suggests that healthcare and public health (HPH) organizations in the United States are the new target for these North Korean hackers, who recently lost millions of dollars due to the fall of Bitcoin.
Maui ransomware from North Korean hackers cripples health services
According to US authorities, hackers use the Maui ransomware to encrypt servers responsible for health services, including electronic medical record services, diagnostic services, imaging services, and intranet services. CISA said the ransomware appears to be designed for remote manual execution. It reportedly also uses a combination of Advanced Encryption Standard (AES), RSA and XOR encryption to encrypt the target files.
At this time, it is unclear how the North Koreans spread the Maui ransomware to health organizations. However, authorities have shared some tips for services affected by these ransomware attacks.
In a statement released July 6, the FBI, CISA and Treasury strongly advise against paying the demanded ransoms because, as is often the case, paying does not guarantee the recovery of files and folders and may carry a risk of sanctions. These attacks by North Korean hackers have been increasing in recent months; Google recently claimed to have prevented North Korea from hacking Chrome. These hackers are also known to have attacked Windows and Android devices with the Chinotto malware late last year.
Source: CISA