FBI warns that North Korean hackers are targeting US healthcare organizations with ransomware...

midian182

Posts: 8,003   +87
Staff member
In a nutshell: The FBI and two other agencies have issued a warning that state-sponsored North Korean hackers are targeting US healthcare organizations with ransomware. The attacks have been taking place in the last year, often disrupting vital health services for "prolonged periods."

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury issued the joint warning to provide information on the Maui ransomware that has been infecting Healthcare and Public Health (HPH) Sector organizations since at least May 2021.

Like other ransomware, Maui encrypts an infected system's files with AES 128-bit encryption. In this case, it's the servers responsible for healthcare services that are targeted. Impacted areas include electronic health records, diagnostics, imaging, and intranet.

The agencies published technical details of Maui in the advisory, including indicators of compromise, using an industry analysis of a sample of the ransomware. The notice also includes a list of mitigations, such as turning off network device management interfaces, keeping software up to date, and maintaining offline data backups.

Healthcare organizations are a popular target for ransomware gangs as it's assumed they're more likely to pay ransoms when patients' lives are potentially at risk. A lawsuit last year claimed a baby died at a hospital due to a ransomware attack.

As always, the government advises victims not to hand over any payments to the hackers as there's no guarantee they'll unlock the files.

North Korea has long been known to use cryptocurrency attained through illegal means, such as the $615 million Ronin network hack, to fund its nuclear weapons program. However, the crypto winter that has seen prices take a nosedive has Impacted the value of the hermit country's ill-gotten gains. The crash is also forcing many ransomware gangs to expand into traditional forms of cybercrime where they can earn dollars instead of price-fluctuating crypto.

Masthead credit: Andrey_Popov

Permalink to story.

 

Uncle Al

Posts: 8,904   +7,878
Isn't it about time the designers of the internet come up with a major upgrade that allows total blockage on a country by country basis? It also should allow for an equal blockage of any country that assists the major offender as well. If this were implemented, countries like N. Korea, China, Russia, etc. would be forced into a choice .... either track down and stop the hackers or risk isolation from the rest of the world. There is simply no solid reason this could not be done and would be a great first step towards ending hacking as we know it. Certainly it would cause turmoil in the first months / years after implementation, but in the long run it would work well.
 

brucek

Posts: 1,152   +1,711
I think the calculus is that North Korea's crimes, while annoying, add up to far less economic damage than attempting to sever ties with China, which is not trivial.
 

sac39507

Posts: 419   +237
Isn't it about time the designers of the internet come up with a major upgrade that allows total blockage on a country by country basis? It also should allow for an equal blockage of any country that assists the major offender as well. If this were implemented, countries like N. Korea, China, Russia, etc. would be forced into a choice .... either track down and stop the hackers or risk isolation from the rest of the world. There is simply no solid reason this could not be done and would be a great first step towards ending hacking as we know it. Certainly it would cause turmoil in the first months / years after implementation, but in the long run it would work well.

I was just going to make the same comment. I think the ability and technology is there but no such effort will take place unless it affects the elites directly. The current leadership right now fears hurting feelings more than the threat to national security. Also, winning elections is top priority.
 

psycros

Posts: 4,233   +6,027
Isn't it about time the designers of the internet come up with a major upgrade that allows total blockage on a country by country basis? It also should allow for an equal blockage of any country that assists the major offender as well. If this were implemented, countries like N. Korea, China, Russia, etc. would be forced into a choice .... either track down and stop the hackers or risk isolation from the rest of the world. There is simply no solid reason this could not be done and would be a great first step towards ending hacking as we know it. Certainly it would cause turmoil in the first months / years after implementation, but in the long run it would work well.

We have that capability. The backbone providers know exactly what traffic comes from where. VPNs, Onion - none of that will mask the origin of an actual connection that carries the bits.
 

netman

Posts: 798   +350
US sanctioning of North Korea is perfectly Legal, but NK hackers targeting the US organizations is illegal...!