State-sponsored North Korean hackers have been using ransomware to attack US healthcare providers since May 2021.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department have issued a joint opinion healthcare organizations warn of the threat.
“North Korean state-sponsored cyber actors are likely to assume that healthcare organizations are willing to pay ransoms because these organizations provide services critical to human life and health,” they said.
According to the advisory, ransomware called Maui has been used to encrypt the computers of healthcare organizations and then demand payment from victims to unlock their networks.
The attackers have locked up electronic health records, diagnostic services, imaging services and healthcare intranet services, among other things. In some cases, the attacks kept providers out of their systems and disrupted the services they provide for extended periods of time.
The agencies’ warning contains information about Maui, including the indicators of compromise and the techniques used by the hackers.
The malware is manually executed by a third-party actor once it is in the victim’s network.
The agencies “strongly discourage” paying the ransom, as it will not ensure that the hackers will return access to the files and suspect that the attackers will most likely continue targeting healthcare organizations.
Healthcare providers have been urged to adopt mitigation techniques and prepare for future ransomware attacks by installing software updates, maintaining offline backups of data, and developing a baseline cyber incident plan.
A February United Nations report said: North Korea’s Missile Program used to be financed through stolen cryptocurrency by state-sponsored hackers.
Healthcare providers are a prime target for hackers with lives at stake. In May, the Russian hacking group Killnet threatened to shut down UK’s ventilators in retaliation for the arrest of an alleged member.
LAKE : FBI Closes Multi-Million Dollar Hacker Black Market
LAKE : Anonymous declares cyber war against pro-Russian hacker group Killnet