North Korean-backed hackers are targeting hospitals and other healthcare organizations in the United States with ransomware, a trio of government agencies that includes the Federal Bureau of Investigation warned in a new cybersecurity alert.
The advisory, issued Wednesday, said that North Korean cyber actors have been using “Maui” ransomware in attacks against the healthcare and public health sector since at least May 2021.
The ransomware was reportedly used to encrypt servers responsible for health records, diagnostics and imaging services. Under such attacks, the hackers can demand that victims pay a fee to restore access to the servers.
In some cases, the incidents disrupted services for “prolonged periods,” according to the alert that was jointly issued by the FBI, the Treasury Department and the Cybersecurity and Infrastructure Security Agency.
“The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” the advisory said.
The same trio of agencies warned in April that North Korea was stepping up cyberattacks on cryptocurrency and blockchain platforms as the secretive regime looked for ways to evade international sanctions to fund its weapons programs.
The Pyongyang-affiliated Lazarus Group was behind the stunning theft of $620 million in cryptocurrency from an online video game network in March, the FBI concluded.
The Lazarus Group was also likely responsible for a $100 million heist last month from Horizon Bridge, a crypto transfer service operated by U.S.-based Harmony blockchain, according to a report by analytics firm Elliptic.
The Maui ransomware attacks are further evidence that state-backed cybercriminals are increasingly turning their attention to healthcare facilities.
Last month, FBI Director Christopher Wray identified hackers sponsored by the Iranian government as responsible for an attempted attack on the computer network of Boston Children’s Hospital. Wray called it “one of the most despicable cyberattacks I’ve seen.”
Moscow-linked hackers have also been tied to malware and ransomware attacks that disrupted U.S. hospitals and healthcare companies in recent years. In March, the U.S. Department of Health and Human Services issued a warning to the health sector that Russian cyberattacks may be on the rise in the aftermath of Moscow’s invasion of Ukraine.
North Korea is likely to continue targeting healthcare and public health organizations, Wednesday’s alert said — but the agencies discouraged victims from paying ransoms.
“Doing so does not guarantee files and records will be recovered and may pose sanctions risks,” the alert warned.