NEW YORK, N.Y. — The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ) disrupted the activities of a hacking group sponsored by the North Korean government to target U.S. hospitals with ransomware.
The federal agencies recovered half a million dollars in ransom payments and cryptocurrency, Deputy Attorney General Lisa Monaco said Tuesday during a speech at the International Conference on Cyber Security at Fordham University. The targeted hospitals were a Kansas medical center and a Colorado medical provider.
Monaco’s announcement comes two weeks after the federal government warned the healthcare sector of attacks involving Maui ransomware, which has specifically targeted hospitals and public health organizations.
In the attack against the Kansas hospital, cyber actors encrypted servers used to store critical data and operate critical equipment, according to Bank Info Security. Attackers left behind a ransom note and threatened to double the ransom within 48 hours.
“In that moment, the hospital’s leadership faced an impossible choice: Give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care,” said Monaco. “Left with no real choice, the hospital’s leadership paid the ransom.”
Monaco urged organizations hit by ransomware to report the crime to law enforcement, reports AP News. The Kansas hospital contacted the FBI, which traced the payment and identified China-based money launderers who assisted the North Korean hackers in cashing out. The entire ransom payment was recovered.
Further blockchain analysis found these same accounts contained other ransom payments which the FBI traced to the Colorado medical provider, as well as to other potential overseas victims.
“We seized approximately $500,000 in ransom payments and cryptocurrency used to launder those payments,” Monaco said. “If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action. We can follow the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable.”
FBI Director Christopher Wray said one challenge with ransomware is that it is being increasingly deployed by hostile governments who are eager for destruction.
“The other thing we’re seeing more and more of is ransomware actors doing more than just locking up the system,” he said during the conference. “They’re exfiltrating the information, they’re threatening to release your proprietary information.”
The number of ransomware attacks detected in the first quarter of this year doubled the total number for all of 2021, according to a new report from WatchGuard Technologies. A global threat report released earlier this year by CrowdStrike observed an overall 82% increase in ransomware-related data leaks from 2020 to 2021. Attacks on the healthcare sector increased from 94 to 154 — a 39% jump.