[ad_1]
The FBI and Justice Department recently busted a North Korean government-sponsored hacking group that targeted U.S. hospitals with ransomware, eventually recovering half a million dollars in ransom and cryptocurrency payments, it said Tuesday Deputy Attorney General Lisa Monaco.
Monaco revealed new details about the attacks during a speech in which she encouraged organizations affected by ransomware to report the crime to law enforcement, both so officials can investigate and so they can help victim companies try to recover ransom payments.
In that case, Monaco said, a Kansas hospital that paid a ransom last year after being attacked by ransomware also contacted the FBI, which traced the payment and identified the China-based money launderers who helped North Korean hackers cash in the illegal income. The FBI was able to recover half a million dollars, including the entire ransom from the hospital.
“If you report this attack, if you report the ransom demand and payment, if you work with the FBI, we can take action,” Monaco said at the International Cybersecurity Conference hosted by Fordham University. “We can trace the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable.”
US officials in 2021 struggled to deal with a wave of high-profile ransomware attacks — in which hackers encrypt or lock a victim’s data and demand exorbitant sums to get it back — including against a key East Coast fuel pipeline. Although the rate of such large-scale front-page attacks appears to have slowed, smaller targets – such as hospitals – continue to be affected.
FBI Director Christopher Wray told the same conference that it was particularly challenging that ransomware, once largely a part of cybercriminals looking to extort money, was now increasingly being used by hostile governments eager to destroy it.
“The other thing we’re seeing more and more is that ransomware actors are doing more than just locking down the system,” Wray said. “They extract the information, threaten to reveal your private information.”
This particular variant of the ransomware, known as “Maui,” specifically targets hospitals and public health organizations across the country.
Justice Department officials say the attack on the Kansas hospital, which they did not identify, took place in May 2021, when hackers encrypted the medical center’s files and servers. The hospital paid about $100,000 in bitcoins to get the data back.
The department said that in addition to the refund from the Kansas hospital, it also received a refund from a health care provider in Colorado that was affected by the same Maui ransomware variant.
[ad_2]
Source link