According to the US authorities, state-supported North Korean hackers have been attacking healthcare practitioners since at least May last year.
Healthcare organizations have been warned about the attackers' tactics by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury in a joint alert released on Wednesday, July 6.
WASHINGTON, DC - FEBRUARY 23: The official seal of the Federal Bureau of Investigation is seen on an iPhone's camera screen outside the J. Edgar Hoover headquarters February 23, 2016 in Washington, DC.
Maui Ransomware
It appears that these cyber attackers have been utilizing a ransomware program called Maui to encrypt the computers of healthcare institutions and then request money from the victims to unlock their networks.
The agencies' advisory includes details about Maui, such as its symptoms of vulnerability and the methods the malicious actors employ, which they learned from a sample that the FBI collected.
According to the agencies, the hackers blocked intranet services, diagnostic services, imaging services, and services related to electronic health records used by healthcare providers.
In several instances, the assaults prevented the service providers from accessing their systems and severely hampered their ability to deliver their services.
The malware is manually deployed by a remote attacker once it has entered the victim's network, according to the agencies' warning. They strongly discourage paying the ransom because doing so doesn't guarantee that the criminals will provide the victims with the passwords to access their files.
The agencies do acknowledge that it is possible that the attackers would continue to attack healthcare-related institutions.
According to them, since healthcare institutions provide services that are essential to human life and health, North Korean state-sponsored cyber attackers presumably believe those companies will be willing to pay a ransom.
FBI, CISA, and the Treasury are now advising healthcare providers to use mitigation strategies and be ready for potential ransomware attacks by updating software, keeping offline copies of their data, and developing a simple cyber crisis response strategy.
Engadget noted that North Korea's money from such operations could be attributed to a UN investigation released earlier this year, detailing that the country has been relying on stolen cryptocurrencies by state-backed hackers to finance its nuclear and missile projects.
Read also: Axie Infinity's Ronin Crypto Heist: FBI Says North Korean Hackers Were Behind $600 Million Breach
Cyberattacks Against Healthcare Providers
Since the beginning of the pandemic, healthcare organizations have been particularly a top target for cyber hackers who use ransomware.
Engadget further noted that 2020 saw the release of a joint advisory from the FBI and CISA alerting medical facilities to the possibility of ransomware attacks. During the height of the pandemic, the Russian-speaking criminal gang UNC1878 and other assailants attacked healthcare facilities, leaving some victims with no choice but to submit to their conditions while trying to preserve lives.
Related Article: North Korea-Backed Hackers Allegedly Modify Malware to Breach US, UK, and Other Countries
This article is owned by Tech Times
Written by Joaquin Victor Tacla
