FBI, treasury department issue joint advisory against N. Korean ransomware
By Byun Duk-kun
WASHINGTON, July 6 (Yonhap) -- The Federal Bureau of Investigation (FBI) issued a cybersecurity advisory on Wednesday against ransomware that it said is being used by North Korean state-sponsored cyber actors.
The advisory, jointly issued by Cybersecurity and Infrastructure Security Agency and the Department of Treasury, said North Korean hackers have been using Maui ransomware since at least May 2021 to target healthcare and public health (HPH) sector organizations.
"Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations," said the joint advisory, also noting that in some cases the ransomware had disrupted services provided by targeted organizations for "prolonged periods."
"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," it added.
The advisory said Maui ransomware is an "encryption binary," which allows a remote actor to interact with the malware and identify files to encrypt.
The issuing organizations noted North Korean state-sponsored cyber actors may have deployed the malware against healthcare and public health organizations as they likely assumed healthcare organizations "are willing to pay ransoms because these organizations provide services that are critical to human life and health."
They, however, said they "highly discourage" paying ransoms because "doing so does not guarantee files and records will be recovered and may pose sanctions risks."
Providing money or other goods to North Korea may be subject to punishment under U.S. and U.N. Security Council sanctions against Pyongyang.
North Korea is said to be increasingly using cyber attacks to secure funds for its nuclear and other weapons of mass destruction programs since the U.S. and U.N. sanctions have reduced most of its sources for hard currency.
The U.S. advisory urged caution by those in related sectors to mitigate ransomware attacks, which they said may include using multilayer network segmentation and securing personal identifiable information and patient health information and storing such information only on internal systems.
bdk@yna.co.kr
(END)
-
Overdue debut of Korean abstract art pioneer Yoo Young-kuk at Venice Biennale
-
Defense chief says N. Korea's hypersonic missile 'unsuccessful' in last-stage glide flight
-
Relax, immerse yourself in scents at Venice Biennale's Korean Pavilion
-
N. Korea has capability to genetically engineer biological military products: U.S. report
-
S. Korea marks 30th anniv. of Korean Pavilion at Venice Biennale with contemporary art
-
Overdue debut of Korean abstract art pioneer Yoo Young-kuk at Venice Biennale
-
Relax, immerse yourself in scents at Venice Biennale's Korean Pavilion
-
S. Korea marks 30th anniv. of Korean Pavilion at Venice Biennale with contemporary art
-
Defense chief says N. Korea's hypersonic missile 'unsuccessful' in last-stage glide flight
-
Questioning necessary for Kakao founder for suspected stock rigging: prosecution
-
Gov't likely to accept university chiefs' request to lower med school enrollment quota
-
Facebook page unveils photos of BTS member V in counter-terrorism unit gear
-
(4th LD) Finance chiefs of S. Korea, U.S., Japan recognize 'serious' concerns over 'sharp' won, yen depreciation
-
(2nd LD) N. Korea removes street lamps along inter-Korean roads
-
Yoon's approval rating sinks to lowest point since taking office