North Korean Hackers Targeting US Healthcare Industry

The FBI, CISA, and the U.S. Treasury Department issued a joint advisory warning that North Korean cybercriminals are using ransomware to attack medical and healthcare organizations across the country.

According to the joint advisory, since May 2021 North Korean hackers have been using a specific file-locking malware called Maui ransomware to target the Healthcare and Public Health (HPH) Sector in the United States.

According to the notice, the FBI has identified and dealt with multiple Maui ransomware incidents against HPH Sector companies since May 2021.

In these cyberattacks, state-sponsored cybercriminals from North Korea use the Maui ransomware to encrypt systems in charge of providing healthcare services, including electronic health record services, diagnostics services, imaging services, and intranet services.

The services provided by the HPH Sector businesses that were targeted by these attacks occasionally experienced lengthy outages. It’s possible that these events involved unknown initial access vectors.

Technical information in the joint alert states that Maui ransomware encrypts target files with AES 128-bit encryption. Each encrypted file has a distinct AES key and a custom header specifying the file's original path, which allows Maui to recognize previously encrypted files.

Additionally, the FBI reports that North Korean state-sponsored cybercriminals have targeted businesses in the healthcare and public health sectors with the Maui ransomware because these companies provide services that are crucial to human life and health, which leads the attackers to believe that hospitals will be willing to pay a ransom.

To lessen the threat posed by Maui ransomware and other malicious threats, organizations in the healthcare industry are urged to follow some safety measures. These include disabling unused network protocols, securing and encrypting patient and personal information, implementing multi-layer network protection, and constantly monitoring their environments for unusual behavior in the system.

Because of the supposition that healthcare organizations will be willing to pay, the FBI, CISA, and Treasury believe that North Korean state-sponsored actors will continue to target businesses in the HPH Sector.