The U.S. DoJ has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide.
A complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The seized funds include ransoms paid by health care providers in Kansas and Colorado.
Maui ransomware infected the servers of the hospital in the District of Kansas. They opted to pay approximately a $100,000 ransom in Bitcoin to receive a decryptor e recover the encrypted files. The Kansas medical center notified the FBI, which investigated the incident and was able to identify the previously unknown Maui ransomware and trace the payment to China-based money launderers.
In April this year, the FBI observed an approximately $120,000 Bitcoin payment into one of the seized cryptocurrency accounts that were identified thanks to the cooperation of the Kansas hospital. These funds were related to the payment of a medical provider in Colorado that was hit by the Maui ransomware
The attacks against Healthcare and Public Health Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware.
North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet services.
Indicators of Compromise