Here today, gone to Maui: That's your data captured by North Korean ransomware
2022-07-06 22:51

For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.

Uncle Sam's Cybersecurity and Infrastructure Security Agency, the FBI, and the Treasury Department issued a joint advisory outlining a Pyongyang-orchestrated ransomware campaign that has been underway since at least May 2021.

The FBI says it has worked with multiple organizations in the healthcare and public health sector infected by Maui ransomware.

"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services - including electronic health records services, diagnostics services, imaging services, and intranet services," the joint security advisory [PDF] reads.

The advisory, based on Stairwell's research [PDF], indicates that the Maui ransomware is an encryption binary that a remote operator manually executes through command-line interaction.

The FBI is asking any affected organization to share information related to ransomware attacks, such as communication with foreign IP addresses, Bitcoin wallet details, and file samples.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/06/here_today_gone_to_maui/