Roughly a half-million dollars was seized on behalf of healthcare providers that reportedly paid ransom to North Korean hackers, the U.S. Department of Justice said.
Maui ransomware has been in use since May 2021, at times allegedly by North Korean government-backed hackers targeting the U.S. healthcare sector, according to a recent DOJ press release.
Earlier this month, U.S. cybersecurity and intelligence agencies issued an advisory about Maui ransomware and its possible use by hackers associated with the government of North Korea.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been monitoring the situation and recently issued guidance. The ransomware attacks on healthcare organizations have disrupted IT systems and medical services and jeopardized patients’ safety, per the statement.
“Reporting cyber incidents to law enforcement and cooperating with investigations not only protects the United States, it is also good business,” said Assistant Attorney General Matthew G. Olsen of the department’s National Security Division, according to the release.
“The reimbursement to these victims of the ransom shows why it pays to work with law enforcement,” Olsen added.
A ransomware attack on a hospital in Kansas prompted the investigation by U.S. agencies that led to the discovery of the Maui variant. That attack and the variant were traced to a North Korean hacking group that is suspected of receiving backing from the state, according to the release.
In the end, the hospital paid $100,000 in ransom to decrypt its files, and the FBI traced the payment to money launderers in China and a healthcare provider in Colorado.
Deputy Attorney General Lisa O. Monaco said that the victim's initial reporting and cooperation led to the derailing of the “activities of a North Korean state-sponsored group” using the Maui ransomware.