author_name|Mariella Moon language|en-US provider_name|Engadget region|US site|engadget

Feds warn North Korean hackers are using ransomware to attack healthcare providers

State-sponsored North Korean hackers have been targeting healthcare providers since at least May 2021, according to the US government. FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Department of the Treasury issued a joint recommendation warns health organizations about the MO of attackers. Apparently, healthcare organizations use a ransomware called Maui to encrypt their computers and then demand payment from victims to unlock their network. The agencies’ alert contains information about Maui, including indications of compromise they drew from a sample obtained by the FBI, and techniques used by bad actors.

The agencies said the attackers had locked down electronic health record services, diagnostic services, imaging services and intranet services of healthcare providers, among others. In some cases, the attacks kept providers out of their systems and disrupted their services for a long time.

According to the agencies’ advice, the malware is manually executed by a remote actor after it enters the victim’s network. They “absolutely discourage” paying the ransom, because that doesn’t make bad actors give victims the keys to unlock their files. However, agencies acknowledge that attackers will likely continue to target organizations in the healthcare industry. “North Korean state-sponsored cyber actors presume that healthcare organizations are likely willing to pay the ransom because they provide services critical to human life and health,” they said.

Agencies are now urging healthcare providers to use mitigation techniques and prepare for potential ransomware attacks by installing software updates, maintaining offline backups of data, and devising a basic cyber incident response plan. For those wondering what happens to the funds North Korea derives from such operations: A United Nations report earlier this year bring out He said the country is using cryptocurrency stolen by state-backed hackers to fund its nuclear and ballistic missile programs.

Healthcare providers have been the primary target of ransomware-using malicious actors for some time, especially since the pandemic began. In 2020, the FBI and CISA issued a joint warning that hospitals and healthcare providers are in danger of being the target of a ransomware attack. Russian-speaking criminal gang UNC1878 and other attackers targeted healthcare facilities at the height of the pandemic, leaving some victims no choice but to comply with their demands as they fight to save people’s lives.

All products recommended by Engadget are selected by our editorial team independent of our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Source link