U.S. Healthcare Orgs Targeted with Maui Ransomware
2022-07-08 10:46

Several U.S. federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision.

Another characteristic of Maui that diverges from other ransomware is that it appears to be designed for manual execution by a threat actor, allowing its operators to "specify which files to encrypt when executing it and then exfiltrate the resulting runtime artifacts," Cutler wrote.

Citing the Stairwell report, federal agencies provided a breakdown of how an attack by Maui ransomware (installed as an encryption binary called "Maui.exe") encrypts specific files on an organization's system.

First, Maui encrypts target files with AES 128-bit encryption, assigning each file a unique AES key.

A custom header contained in each file that includes the file's original path allows Maui to identify previously encrypted files.

During encryption, Maui creates a temporary file for each file it encrypts using GetTempFileNameW(), and uses this file to stage output from encryption, researchers said.


News URL

https://threatpost.com/healthcare-maui-ransomware/180154/