FBI, treasury department issue joint advisory against N. Korean ransomware
By Byun Duk-kun
WASHINGTON, July 6 (Yonhap) -- The Federal Bureau of Investigation (FBI) issued a cybersecurity advisory on Wednesday against ransomware that it said is being used by North Korean state-sponsored cyber actors.
The advisory, jointly issued by Cybersecurity and Infrastructure Security Agency and the Department of Treasury, said North Korean hackers have been using Maui ransomware since at least May 2021 to target healthcare and public health (HPH) sector organizations.
"Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations," said the joint advisory, also noting that in some cases the ransomware had disrupted services provided by targeted organizations for "prolonged periods."
"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," it added.
The advisory said Maui ransomware is an "encryption binary," which allows a remote actor to interact with the malware and identify files to encrypt.
The issuing organizations noted North Korean state-sponsored cyber actors may have deployed the malware against healthcare and public health organizations as they likely assumed healthcare organizations "are willing to pay ransoms because these organizations provide services that are critical to human life and health."
They, however, said they "highly discourage" paying ransoms because "doing so does not guarantee files and records will be recovered and may pose sanctions risks."
Providing money or other goods to North Korea may be subject to punishment under U.S. and U.N. Security Council sanctions against Pyongyang.
North Korea is said to be increasingly using cyber attacks to secure funds for its nuclear and other weapons of mass destruction programs since the U.S. and U.N. sanctions have reduced most of its sources for hard currency.
The U.S. advisory urged caution by those in related sectors to mitigate ransomware attacks, which they said may include using multilayer network segmentation and securing personal identifiable information and patient health information and storing such information only on internal systems.
bdk@yna.co.kr
(END)
-
(Movie Review) 'Troll Factory' navigates blurred line between fake, real with anticlimactic finale
-
Police officer admits to leaking investigation report into late actor Lee Sun-kyun
-
'Parasyte: The Grey' adapts Japanese alien invasion manga to Korean setting
-
S. Korea, U.S. launch task force to block N. Korea's nuclear, missile programs
-
N. Korean leader sends condolences to Putin over Russian concert hall shooting
-
(Movie Review) 'Troll Factory' navigates blurred line between fake, real with anticlimactic finale
-
'Parasyte: The Grey' adapts Japanese alien invasion manga to Korean setting
-
Police officer admits to leaking investigation report into late actor Lee Sun-kyun
-
Congenital diseases of children born from mothers working at Samsung recognized as industrial accidents
-
N. Korean leader sends condolences to Putin over Russian concert hall shooting
-
S. Korea, U.S. launch task force to block N. Korea's nuclear, missile programs
-
Unification minister slams N. Korea's abduction, detention of S. Koreans as inhumane
-
(LEAD) S. Korea, U.S. launch task force to block N. Korea's nuclear, missile programs
-
Major hospitals in emergency mode amid huge losses over doctors' walkout
-
Seoul bus drivers go on general strike