The FBI recovered nearly $500k from North Korean hackers after tracing ransomware payments made by a health organization to the illicit group.
The U.S. law enforcement authorities have intercepted a ransomware payment to the infamous North Korean hackers and recovered nearly $500k. U.S. Deputy Attorney General Lisa Monaco said on July 19th that the funds came from Kansas Medical Center, a health organization based in Colorado, and other health care organizations.
US recovers $500k from North Korean hackers
Monaco told a cybersecurity conference in New York that the state-sponsored cyber criminals in North Korea used the “Maui” ransomware to encrypt data from a Kansas hospital back in May 2021.
In that moment, hospital leadership was faced with an impossible choice like paralyzing the ability of doctors and nurses to provide critical care.
Deputy Attorney General Lisa Monaco.
The hospital paid $100,000 in bitcoin to regain access to its computer systems, while they also reported the situation to the FBI. Upon further investigation, the authorities traced the bitcoins to a money laundering group in China that was contracted by the North Korean cyber criminals “exchange ransoms into cash.”
According to Monaco, the Justice Department is currently in the process of returning the stolen funds to the affected victims. Monaco praised the Kansas hospital for reporting to the FBI.
As a result of that just decision, the ransom they paid was recovered, every ransom paid by a previously unknown victim was recovered, and a previously undiscovered ransomware strain was discovered.
Maui ransomware targets health firms
Recently, the FBI, the Cybersecurity and Infrastructure Agency (CISA), and the Treasury Department issued a joint statement warning U.S. healthcare organizations about the Maui ransomware. They warned that paying ransoms to the hackers would violate the U.S. embargo on North Korea.
