North Korean hackers targeted US hospitals: officials


The FBI and the Department of Justice recently disrupted the activities of a North Korean government-sponsored hacking group that targeted US hospitals with ransomware, ultimately recovering half a million dollars in ransom payments and cryptocurrency, Deputy Attorney General Lisa Monaco said Tuesday.

Monaco revealed new details about the attacks during a speech in which she encouraged organizations affected by ransomware to report the crime to law enforcement, both so authorities can investigate and so they can help the victim companies try to recover the ransoms.

In this case, Monaco said, a Kansas hospital that paid a ransom last year after being attacked by ransomware also contacted the FBI, which traced the payment and identified the China-based money launderers who helped North Korean hackers collect the illicit proceeds. The FBI was able to recover half a million dollars, including the full ransom payment from the hospital.

"If you report this attack, if you report the ransom demand and payment, if you work with the FBI, we can act," Monaco said at the International Conference on Cybersecurity, hosted by Fordham University. "We can track the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable."

In 2021, US officials rushed to deal with a wave of high-profile ransomware attacks – in which hackers encrypt or lock down a victim’s data and demand exorbitant sums to return it – including against a crucial fuel pipeline on the East Coast. Although the pace of these large-scale front-page attacks appears to have slowed, smaller targets – such as hospitals – continue to be hit.

FBI Director Christopher Wray said at the same conference that a particular challenge is that ransomware, once largely reserved for cybercriminals of all kinds looking to extort money, is now increasingly being deployed by hostile governments hungry for destruction.

"The other thing we’re seeing more and more is that ransomware actors are doing more than just locking down the system," Wray said. "They exfiltrate information, they threaten to leak your confidential information."

This particular variant of ransomware, known as "Maui", specifically targeted hospitals and public health organizations across the country.

Justice Department officials say the attack on the Kansas hospital, which they did not identify, took place in May 2021 when hackers encrypted the medical center’s files and servers. The hospital paid around $100,000 in Bitcoin to recover its data.

The department said that in addition to recovering the payment from the Kansas hospital, it also recovered a payment from a Colorado healthcare provider that was affected by the same Maui ransomware variant.

