Feds disrupt North Korean hackers that targeted hospitals, seize $500K in ransom
By Heather Landi -July 21, 2022
The U.S. government disrupted the activities of a ransomware group connected to the North Korean government that targeted hospitals, ultimately recovering half a million dollars in ransom paid by a Kansas hospital and other medical facilities.
Authorities plan to return the stolen funds to the ransomware victims, including a hospital in Kansas and a medical center in Colorado, said Deputy Attorney General Lisa Monaco Tuesday.
Speaking at the International Conference on Cyber Security at Fordham University this week, Monaco said last year a medical center in Kansas that was targeted by hackers “did the right thing” at a moment of crisis and called the FBI.
“What flowed from that virtuous decision was: the recovery of their ransom payment; the recovery of ransoms paid by previously unknown victims; the identification of a previously unidentified ransomware strain—all from an investigation that allowed the FBI and its partners to release a cybersecurity advisory to empower network defenders everywhere,” Monaco said.
In May 2021, North Korean state-sponsored hackers used a ransomware strain called Maui to encrypt the files and servers of a medical center in Kansas.
