Federal agencies warn health sector against North Korean ransomware

U.S. federal agencies issued a joint advisory on Wednesday regarding North Korean state-sponsored cyber actors using Maui ransomware to target the health sector.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury said that particular ransomware has been used by North Korean government-backed hackers since at least last spring to target health care and public health sector organizations.

“This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant risk to organizations of all sizes,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity.

The advisory also provides steps the health sector can take to mitigate and prevent ransomware attacks. Some of the recommendations include regularly installing and updating antivirus and antimalware software, implementing user training programs and phishing exercises, and avoiding using public Wi-Fi networks.

The agencies also discouraged health sector organizations from paying ransoms because doing so does not guarantee the recovery of stolen data. Businesses should instead adopt and improve cybersecurity best practices and report ransomware attacks to law enforcement. 

“The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” the advisory said. 

“Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting [health care and public health] sector organizations.”

This is the latest joint advisory related to North Korean government-backed hackers. In April, the same federal agencies warned of increasing cyber threats involving cryptocurrency from a North Korean group.

The agencies said the group targeted various organizations in the cryptocurrency industry such as play-to-earn crypto video games, crypto trading companies and individual holders of valuable non-fungible tokens, often referred to as NFTs. 

The April advisory followed an FBI press release alleging that North Korean hackers were responsible for stealing about $620 million in cryptocurrency in March from Axie Infinity, a virtual video game that uses NFTs.