Send to

FBI, treasury department issue joint advisory against N. Korean ransomware

July 7, 2022 - 09:14 By Yonhap
(US Department of Treasury)

The Federal Bureau of Investigation (FBI) issued a cybersecurity advisory on Wednesday against ransomware that it said is being used by North Korean state-sponsored cyber actors.

The advisory, jointly issued by Cybersecurity and Infrastructure Security Agency and the Department of Treasury, said North Korean hackers have been using Maui ransomware since at least May 2021 to target healthcare and public health (HPH) sector organizations.

"Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations," said the joint advisory, also noting that in some cases the ransomware had disrupted services provided by targeted organizations for "prolonged periods."

"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," it added.

The advisory said Maui ransomware is an "encryption binary," which allows a remote actor to interact with the malware and identify files to encrypt.

The issuing organizations noted North Korean state-sponsored cyber actors may have deployed the malware against healthcare and public health organizations as they likely assumed healthcare organizations "are willing to pay ransoms because these organizations provide services that are critical to human life and health."

They, however, said they "highly discourage" paying ransoms because "doing so does not guarantee files and records will be recovered and may pose sanctions risks."

Providing money or other goods to North Korea may be subject to punishment under US and UN Security Council sanctions against Pyongyang.

North Korea is said to be increasingly using cyber attacks to secure funds for its nuclear and other weapons of mass destruction programs since the US and UN sanctions have reduced most of its sources for hard currency.

The US advisory urged caution by those in related sectors to mitigate ransomware attacks, which they said may include using multilayer network segmentation and securing personal identifiable information and patient health information and storing such information only on internal systems. (Yonhap)