Security News > 2022 > July > US govt warns of Maui ransomware attacks against healthcare orgs

The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health organizations.
Starting in May 2021, the FBI has responded to and detected multiple Maui ransomware attacks impacting HPH Sector orgs across the U.S. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services-including electronic health records services, diagnostics services, imaging services, and intranet services," the federal agencies revealed.
Based on previous reports, Maui ransomware is manually deployed across compromised victims' networks, with the remote operators targeting specific files they want to encrypt.
While Stairwell collected the first Maui sample in early April 2022, all Maui ransomware samples share the same compilation timestamp of April 15, 2021.
The three U.S. federal agencies also provide indicators of compromise obtained by the FBI while responding to Maui ransomware attacks since May 2021.
"The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations," the joint advisory adds.
News URL
Related news
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- Rhysida pwns two US healthcare orgs, extracts over 300K patients' data (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)