The Justice Department is reminding ransomware victims to report attacks to authorities by pointing out that there's a chance the agency can recover ransom funds.
Case in point: On Tuesday, US Deputy Attorney General Lisa Monaco announced that federal investigators recovered about $500,000 in ransom payments, thanks to a Kansas medical provider calling the FBI about the incident.
"If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action," Monaco said in a speech at the International Conference on Cyber Security.
The incident involved an unnamed medical center in Kansas that suffered a ransomware attack last year. According to Monaco, a North Korean ransomware strain called Maui infected computers at the medical provider, encrypting all the information inside and shutting down IT operations.
“The attackers left behind a note demanding ransom, and they threatened to double it within 48 hours,” Monaco said. “In that moment, the hospital’s leadership faced an impossible choice — give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care.”
The medical center decided to pay the ransom in cryptocurrency, but also notified the FBI. This gave federal authorities an opening to track the ransom payment to the suspected North Korean hackers over the cryptocurrency’s blockchain.
“Following the crypto-breadcrumbs, the FBI identified China-based money launderers — the type who regularly assist North Koreans in ‘cashing out’ ransom payments into fiat currency,” Monaco said. “Additional blockchain analysis revealed that these same accounts contained other ransom payments. The FBI traced those to another medical provider in Colorado and
Read more on pcmag.com