N.Korean Hackers Target US Health Providers With Ransomware

North Korea-sponsored hackers have been targeting the healthcare and public health sector in the US for more than a year, according to a July 6 alert from the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of the Treasury.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new advisory that suggests nation-state threat actors are leveraging the Maui ransomware to target organisations in the healthcare sector.

According to the document the threat actors have been engaging in these campaigns since at least May 2021.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services and intranet services,” says the release. “The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks... In some cases, these incidents disrupted the services provided by the targeted HPH Sector organisations for prolonged periods.” 

In particular, the US government agency believes that the nation-state hacking group is sponsored by the North Korean government.

The CISA document explains that intelligence obtained by the CISA, the FBI, and the Department of the Treasury, indicates that the threat actors have been conducting the campaigns since May or 2021. CISA says that the ransomware was designed for manual execution by a remote actor, in this case located in North Korea. In addition, it deploys a combination of Advanced Encryption Standard, RSA, and XOR encryption to encrypt the files and damage the target’s network. The authentication allocated to any given user dictates how much damage the hacker will be able to inflict. 

The US security agencies recommend that companies in the healthcare industry take a strict zero-trust approach.

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, or benign samples of encrypted files. 
“As stated above, the FBI discourages paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. 

Regardless of whether victim organisations have decided to pay the ransom, the FBI, CISA, and Treasury urge them to promptly report ransomware incidents to the FBI.

The US government’s latest warning follows a sequence of high-profile cyber attacks targeting healthcare organisations. University Medical Center Southern Nevada was hacked by ransomware in August 2021 that compromised files containing protected health information and Boston Children's hospital suffered a breach to its systems in June.  

CISA:    Korea Herald:    PCMag:   Healthcare IT NewsTechcrunch:   Oodaloop:   

Infosecurity Magazine:    Metro:     

You Might Also Read: 
 

« Exposed: Sensitive Data Of 146,000 Aon Customers
Creating A Security Awareness Training Program »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

Digital.ai

Digital.ai

Digital.ai empowers organizations to scale software development teams, continuously deliver software with greater quality and security.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.