North Korean hackers are using ransomware to attack healthcare providers

State-sponsored North Korean hackers have been using ransomware to attack US healthcare providers since May 2021.

The FBI, the Cyber ​​Security and Infrastructure Security Agency (CISA), and Treasury have issued joint recommendations to warn healthcare organizations about the threats.

“Cyber ​​attackers sponsored by the country of North Korea are likely to assume that they are willing to pay the ransom because medical institutions provide services that are essential to human life and health,” Paddy Field said.

According to the clue, the ransomware named Maui was used to encrypt the medical institution’s computer and demand that the victim pay to unlock the network.

Attackers, among other things, disrupt health care providers’ electronic medical record services, diagnostic services, imaging services, and intranet services. In some cases, the attack caused the ISP to lose the system and disrupt services in the long term.

The agency’s alerts contain information about Maui, including traces of intrusions and techniques used by hackers.

The malware is manually executed by a remote attacker while on the victim’s network.

These agencies are “strongly discouraged” from paying the ransom as it does not guarantee that hackers will regain access to the file and that attackers can continue to target medical institutions.

Healthcare providers are encouraged to adopt mitigation techniques and prepare for future ransomware attacks by installing software updates, maintaining offline backups of their data, and developing basic incident response plans. cyber. ..

North Korea’s missile program was financed with cryptocurrency stolen by state-sponsored hackers, according to a February UN report.

Healthcare providers are a major target for life-threatening hackers. In May, the Russian hacking group Killnet threatened to turn off a ventilator in a British hospital in response to the suspect’s arrest.