• Sun. Aug 14th, 2022

FBI seized $500,000 worth of bitcoins obtained from Maui ransomware attacks - Security Affairs

By Hazel R. Lang

Jul 23, 2022

The US DoJ has seized $500,000 worth of bitcoins from North Korea-linked threat actors who are behind the Maui ransomware.

The US Department of Justice (DoJ) seized $500,000 worth of Bitcoin from North Korean threat actors who used Maui ransomware to target multiple organizations around the world.

“The Department of Justice today announced a lawsuit filed in the District of Kansas to confiscate cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars,” reads the announcement published by the DoJ. “Funds seized include ransoms paid by health care providers in Kansas and Colorado.”

In May 2021, threat actors infected Kansas District Medical Center servers. The Kansas hospital chose to pay a ransom of approximately $100,000 in Bitcoin to receive a decryptor and recover the encrypted files. The Kansas Medical Center notified the FBI, which investigated the incident and was able to identify the previously unknown Maui ransomware and trace the payment to China-based money launderers.

In April 2022, the FBI observed a payment of approximately $120,000 in bitcoins to one of the seized cryptocurrency accounts, which had been identified through cooperation with the Kansas hospital.

The federal government confirmed that the funds were tied to a payment from a medical provider in Colorado that was affected by Maui ransomware. In May 2022, the FBI seized two cryptocurrency accounts used by threat actors to receive payments from healthcare providers in Kansas and Colorado. The District of Kansas then began proceedings to confiscate the hackers’ funds and return the stolen money to the victims.

“Reporting cyber incidents to law enforcement and cooperating with investigations not only protects the United States, it’s also good business,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Reimbursing these ransom victims shows why it pays to work with law enforcement.”

Earlier this month, the FBI, CISA, and the US Treasury Department issued a joint advisory warning of North Korea-linked threat actors using Maui ransomware in attacks targeting organizations in the health sector.

“The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are issuing this Joint Cybersecurity Advisory (CSA) to provide information about Maui ransomware, which was used by North Korean state-sponsored cyber actors since at least May 2021 to target organizations in the health and public health (HPH) sector,” reads the notice issued by the US authorities.

Attacks on healthcare and public health (HPH) organizations began in May 2021 and government experts observed several cases involving the use of Maui ransomware.

The report provides information on the Tactics, Techniques, and Procedures (TTPs) of threat actors using the Maui ransomware along with Indicators of Compromise (IOCs) that were obtained by government experts during incident response and industry analysis of a Maui sample.

North Korean nation-state actors have used Maui ransomware to encrypt servers providing healthcare services, including electronic health record services, diagnostic services, imaging services, and intranet services.

The report confirmed that in some cases, attacks disrupted services provided by targeted HPH organizations for extended periods of time.

The joint report references an industry analysis of a Maui sample provided in the Stairwell Threat Report: Maui Ransomware. According to the analysis, the malware appears to be human-operated ransomware.


Pierluigi Paganini

(Security Affairs - hacking, Maui ransomware)
