The Korea Herald


N. Korean hackers target health care facilities with ransomware: US agencies

Joint cybersecurity advisory issued to raise alarm about ransomware attacks by N. Korea

By Ji Da-gyum

Published : July 7, 2022 - 15:15

    • Link copied

(123rf) (123rf)
North Korea’s state-sponsored hackers have targeted hospitals and other health care facilities with ransomware, the US government agencies said Wednesday, warning of potential ransomware cyberattacks.

The FBI, Cybersecurity and Infrastructure Security Agency, and the US Treasury Department issued a joint cybersecurity advisory to raise the alarm about ransomware threats against the US health care and public health sector organizations and suggest ways to mitigate and prevent ransomware attacks.

The FBI has observed that North Korean state-sponsored cyber actors have used customized ransomware, known as Maui, multiple times to infiltrate and disable the computer networks of health care facilities at least since May 2021.

North Korean hackers were seen using Maui ransomware to “encrypt servers responsible for health care services -- including health records services, diagnostics services, imaging services and intranet services.”

Ransomware is a type of malicious software or malware that uses encryption to threaten to publish or block access to computer files and databases and hold them hostage until a victim pays a ransom fee to cyberattackers.

The US government agencies also warned that North Korean hackers are likely to continue to exploit the vulnerabilities of health care facilities on the presumption that it would be easier to receive a ransom fee from them.

“The North Korean state-sponsored cyber actors likely assume health care organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” the joint security advisory said

“Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations.”

But the US government agencies also highly discourage victims from paying ransom to cyber attacks as the payment does not guarantee the recovery of records and files and may breach relevant US sanctions laws and regulations.