The FBI and Justice Department recently disrupted the activities of a North Korean government-sponsored hacking group that targeted U.S. hospitals with ransomware, ultimately recovering half a million dollars in ransom and cryptocurrency payments, Deputy Attorney General Lisa Monaco said Tuesday.

Monaco revealed new details about the attacks during a speech in which she encouraged organizations hit by ransomware to report the crime to law enforcement, both to enable officials to investigate and to help victim companies try to get the ransom back. In that case, Monaco said, a Kansas hospital that paid a ransom last year after a ransomware attack also contacted the FBI, which traced the payment and identified a China-based money launderer who helped North Korean hackers cash out the illicit proceeds. The FBI was able to recover half a million dollars, including the entire ransom from the hospital.

“If you report this attack, if you report the ransom demand and the payment, if you cooperate with the FBI, we can take action,” Monaco said at the International Conference on Cyber Security, hosted by Fordham University. “We can follow the money and get it back, we can help prevent the next attack, the next victim, and we can hold cybercriminals accountable.”

U.S. officials in 2021 struggled to deal with a wave of high-profile ransomware attacks — in which hackers encrypt or lock a victim’s data and demand exorbitant sums to return it — including against a critical East Coast fuel pipeline. Although the pace of such large-scale, high-profile attacks appears to have slowed, smaller targets — such as hospitals — are still being affected. FBI Director Christopher Wray told the same conference that a particular challenge is that ransomware, once largely the province of garden-variety cybercriminals trying to extract cash, is now increasingly being deployed by hostile governments that are eager for destruction.
“The other thing we’re seeing more and more is ransomware actors doing more than just locking down the system,” Wray said. “They exploit information, threaten to release your proprietary information.”

This particular variant of the ransomware, known as “Maui,” specifically targeted hospitals and public health organizations across the country. Justice Department officials say the attack at the Kansas hospital, which they did not identify, took place in May 2021 when hackers encrypted the medical center’s files and servers. The hospital paid about $100,000 in Bitcoin to get its data back. The department said that in addition to recovering the payment from the Kansas hospital, it also received a payment from a health care provider in Colorado that was affected by the same Maui ransomware variant.