FBI, treasury department issue joint advisory against N. Korean ransomware
By Byun Duk-kun
WASHINGTON, July 6 (Yonhap) -- The Federal Bureau of Investigation (FBI) issued a cybersecurity advisory on Wednesday against ransomware that it said is being used by North Korean state-sponsored cyber actors.
The advisory, jointly issued by Cybersecurity and Infrastructure Security Agency and the Department of Treasury, said North Korean hackers have been using Maui ransomware since at least May 2021 to target healthcare and public health (HPH) sector organizations.
"Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations," said the joint advisory, also noting that in some cases the ransomware had disrupted services provided by targeted organizations for "prolonged periods."
"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," it added.
The advisory said Maui ransomware is an "encryption binary," which allows a remote actor to interact with the malware and identify files to encrypt.
The issuing organizations noted North Korean state-sponsored cyber actors may have deployed the malware against healthcare and public health organizations as they likely assumed healthcare organizations "are willing to pay ransoms because these organizations provide services that are critical to human life and health."
They, however, said they "highly discourage" paying ransoms because "doing so does not guarantee files and records will be recovered and may pose sanctions risks."
Providing money or other goods to North Korea may be subject to punishment under U.S. and U.N. Security Council sanctions against Pyongyang.
North Korea is said to be increasingly using cyber attacks to secure funds for its nuclear and other weapons of mass destruction programs since the U.S. and U.N. sanctions have reduced most of its sources for hard currency.
The U.S. advisory urged caution by those in related sectors to mitigate ransomware attacks, which they said may include using multilayer network segmentation and securing personal identifiable information and patient health information and storing such information only on internal systems.
bdk@yna.co.kr
(END)
-
Police officer admits to leaking investigation report into late actor Lee Sun-kyun
-
'Parasyte: The Grey' adapts Japanese alien invasion manga to Korean setting
-
S. Korea, U.S. launch task force to block N. Korea's nuclear, missile programs
-
N. Korean leader sends condolences to Putin over Russian concert hall shooting
-
Defense chief calls for defending NLL on anniversary of 2010 warship sinking
-
'Parasyte: The Grey' adapts Japanese alien invasion manga to Korean setting
-
Police officer admits to leaking investigation report into late actor Lee Sun-kyun
-
Congenital diseases of children born from mothers working at Samsung recognized as industrial accidents
-
N. Korean leader sends condolences to Putin over Russian concert hall shooting
-
N.K. leader's sister says Japan's PM proposed summit with Kim
-
Yellow dust advisories issued for parts of S. Korea
-
(5th LD) UNSC fails to extend mandate of expert panel monitoring N.K. sanctions enforcement
-
Yellow dust storm blankets S. Korea; fine dust advisory issued
-
Japan's PM voices willingness to push for summit with N. Korea
-
(3rd LD) Unionized bus drivers in Seoul end general strike after reaching wage deal