North Korean hackers are using ransomware to attack healthcare providers, feds warn
State-sponsored North Korean hackers have been targeting healthcare providers since at least May 2021, according to the US government. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury have issued a joint advisory warning healthcare organizations about the attackers’ MO. Apparently, they’ve been using a ransomware called Maui to encrypt healthcare organizations’ computers and then demanding payment from the victims to get their networks unlocked. The agencies’ warning contains information about Maui, including its indicators of compromise and the techniques the bad actors use, which they got from a sample obtained by the FBI.
The agencies said the attackers locked up healthcare providers’ electronic health records services, diagnostics services, imaging services and intranet services, among others. In some cases, the attacks kept the providers out of their systems and disrupted the services they provide for prolonged periods.
According to the agencies’ advisory, the malware is manually executed by a remote actor once it’s in the victim’s network. The agencies “highly discourage” paying ransom, since that doesn’t ensure that the bad actors will give victims the keys to unlock their files. However, the agencies admit that the attackers will most likely continue targeting organizations in …