The FBI released a press statement announcing the seizure of about $500,000 in cryptocurrency ransom payments from Maui ransomware operators linked to North Korean intelligence. The seizure was made under a court order issued in May 2022 covering ransoms paid by two healthcare service providers in Kansas and Colorado.

The Justice Department in Kansas supervised the case in coordination with FBI officials and with the full cooperation of the IT staff of the victimized organizations.

The DoJ intends to share information with Interpol so that the issue gains international recognition and public attention.

Interestingly, Maui was used in an attack on a Kansas-based hospital, which then paid $100,000 in bitcoin to regain access to its encrypted servers; it was left with no other option, because its backup data had also been intercepted and compromised.

Maui ransomware is file-encrypting malware developed in Pyongyang. It targeted two healthcare organizations in March and April this year; the victims first paid the ransom and then cooperated with the Federal Bureau of Investigation in tracking down the perpetrators.

NOTE 1- The Maui group is said to be based in North Korea and to use a China-based money laundering company to cash out the proceeds from its victims. The recovered sum will be paid back to the victims and any remainder will be diverted to a fund used to curb cyber-crime.

NOTE 2- Maui is relatively new to the field of cyber crime, and at this juncture, coming to the attention of law enforcement could prove fatal to the group.


The post FBI seizes $500000 payment from Maui Ransomware spreaders appeared first on Cybersecurity Insiders.

Maui ransomware is being spread by state-funded North Korean hackers, as confirmed in a joint statement released by the FBI, CISA, and the Department of the Treasury.

What is surprising in this finding is that the file-encrypting malware has been in circulation since May 2021, targeting mainly healthcare and public health organizations.

The FBI specified in its statement that the Maui ransomware group was only interested in stealing and encrypting electronic health records, diagnostic reports, imaging services, and intranet services, and that it plans to expand its reach to firms involved in manufacturing and production.

Another interesting point is that the malware is deployed across networks manually: the operators select specific files to encrypt and then demand enormous sums in exchange for the decryption key.

Installing updates for software and operating systems, regularly testing offline backups, limiting the use of RDP to where it is required, educating employees about phishing attacks, and keeping a ransomware response checklist on hand will help mitigate the risks associated with such ransomware incidents and cut down on serious consequences.

For the past 2-3 years, federal agencies have been advising victims not to pay ransoms to criminals, as paying encourages crime and does not guarantee a decryption key. At the same time, the agencies have issued an advisory to the healthcare sector on how to deal with such incidents and the risks involved in ransomware payments.

NOTE- Maui is the name of a Polynesian demigod created from two volcanoes. He was rarely worshiped, as he was regarded as a folk hero. Certain mythological scriptures state that Maui had the power to control the sun and lengthen the days, and a magical power to pull fire from the universe and use it for human survival in the underworld.


The post North Korea spreading Maui Ransomware appeared first on Cybersecurity Insiders.