FBI recovers ransomware payments paid out by hospitals
Multiple hospitals paid north of $100,000 in exchange for Maui ransomware decryption key
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The FBI has managed to track down, and retrieve, almost half a million dollars extorted from multiple American healthcare organizations inransomwaredemands.
In its announcement, the U.S. Department of Justice (DoJ) described how when a hospital in Kansas was struck by the Maui ransomware in May 2021, it quickly notified law enforcement, which was a crucial move that eventually led not just to the retrieval of the funds, but to a lot more.
The FBI said that timely disclosure helped to obtain, and analyze, a brand newmalwarestrain, and eventually identify the perpetrators and return the money.
Obtaining a brand new ransomware strain
The Maui perpetrators were identified as a North Korean state-sponsored threat actor.
The Kansas hospital had paid some $100,000 in cryptocurrencies in exchange for the decryption key, while another medical services provider in Colorado had paid $120,000 shortly after.
Following the money helped the FBI identify an “undisclosed number” of additional payments, amounting up to $280,000, with the total amount seized in May 2022 amounting to some $500,000.
“Thanks to rapid reporting and cooperation from a victim, the FBI, and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui’,” explained Lisa O. Monaco, Deputy Attorney General.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”
Ransomware attacks are costing US schools and colleges billions>Microsoft links Holy Ghost ransomware operation to North Korean hackers>These are the best firewalls right now
Even though cryptocurrencies are often perceived as a great tool for cybercriminals, it’s actually a lot easier to track money going over the blockchain, compared to traditional finance. Blockchain’s very nature is pseudonymous, rather than anonymous, and once an identity is connected to a specific wallet, tracking the flows of money becomes a lot easier.
The cryptocurrency industry does have its own money launderers, but asBleepingComputerreports, following the money laundering process after the ransom payment can help the police identify, and possibly arrest, the threat actors.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
