A ransomware strain targeting the US healthcare sector has been linked to North Korean state-sponsored hackers, according to the FBI.
The US today issued an advisory(Opens in a new window) about the “Maui” ransomware,” which the FBI has been investigating over the past year. In some cases, attacks have caused significant outages and delays at healthcare providers.
“Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH (Healthcare and Public Health) Sector organizations,” the alert adds.
The North Koreans have allegedly been using the Maui ransomware to encrypt servers responsible for healthcare services that can cover electronic health records, diagnostics, and imaging services. The hackers can then demand that victims pay a ransom to free the servers.
It’s unclear how the North Koreans have been spreading the Maui ransomware to healthcare organizations. US agencies also didn't say how they attributed the attacks to North Korea. But Wednesday’s advisory lays out the various techniques hackers have been using, along with tips on how to ward off the attacks.
The alert adds: “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations.”
In the same alert, the US agencies urge affected organizations to avoid paying the ransom. Doing so can violate US sanctions against North Korea, according to the Treasury Department. That said, if a victim reports the ransomware attack to US
Read more on pcmag.com