North Korea-Backed Hackers Target Hospitals with Ransomware, FBI Warns

Vlad CONSTANTINESCU

July 07, 2022

North Korean state-backed hackers are behind several ransomware attacks against hospitals and other Healthcare and Public Health (HPH) sector organizations, the US government said.

A joint advisory from the FBI, the US Department of the Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) states that the attackers have used a ransomware strain dubbed Maui against US hospitals.

“Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations,” reads the security advisory. “North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services.”

Maui is a ransomware strain that is operated by hand by a remote attacker rather than running autonomously. Threat actors connect to compromised machines remotely and use a command-line interface to choose which files to encrypt and to issue commands to the malware.

The ransomware combines XOR, RSA and AES to encrypt files on target machines, in three layers:

  1. Maui encrypts each target file with AES-128, using a unique AES key per file and writing a custom header into each encrypted file so that it can recognise files it has already encrypted
  2. The ransomware encrypts each per-file AES key with RSA
  3. Maui encodes the RSA public key with XOR
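The following Python script is an added illustration of the three-layer key handling listed above; it is not Maui's code and not from the advisory. The header layout and `TOYHDR1` marker, the use of AES-128 in GCM mode (the advisory does not name the mode), the derivation of the XOR key from a constructed host string, and the `cryptography` library are all assumptions made here. It also shows the check a clean-up or detection script would run to tell already-encrypted files from untouched ones, and why a per-file key means two encryptions of the same document never share key material.

```python
# Added illustration of the per-file AES key / RSA wrap / XOR-encoded public key
# layering described in the advisory. NOT Maui's code: header layout, MAGIC,
# AES-GCM and the XOR-key derivation are assumptions made for this example.
import hashlib
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"TOYHDR1"   # assumed per-file marker; the real layout is not in the article
NONCE_LEN = 12
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric: the same call decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def store_public_key(pub, xor_key: bytes) -> bytes:
    """Layer 3: keep the RSA public key XOR-encoded instead of in the clear."""
    der = pub.public_bytes(serialization.Encoding.DER,
                           serialization.PublicFormat.SubjectPublicKeyInfo)
    return xor_encode(der, xor_key)


def load_public_key(encoded: bytes, xor_key: bytes):
    """Strip the XOR layer and parse the DER key underneath."""
    return serialization.load_der_public_key(xor_encode(encoded, xor_key))


def encrypt_file_bytes(plaintext: bytes, original_path: str, pub) -> bytes:
    """Layers 1 and 2: fresh AES-128 key per file, wrapped with RSA, plus a header."""
    file_key = AESGCM.generate_key(bit_length=128)   # unique per file
    wrapped = pub.encrypt(file_key, OAEP)             # only the private key unwraps it
    nonce = os.urandom(NONCE_LEN)
    path_b = original_path.encode("utf-8")
    header = (MAGIC + struct.pack(">HH", len(path_b), len(wrapped))
              + path_b + wrapped + nonce)
    # Header is bound as associated data, so edits to it fail on decrypt.
    return header + AESGCM(file_key).encrypt(nonce, plaintext, header)


def parse_header(blob: bytes) -> dict:
    """Split an encrypted blob into its header fields and ciphertext body."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a file produced by this scheme")
    off = len(MAGIC)
    path_len, wrapped_len = struct.unpack_from(">HH", blob, off)
    off += 4
    path = blob[off:off + path_len].decode("utf-8")
    off += path_len
    wrapped = blob[off:off + wrapped_len]
    off += wrapped_len
    nonce = blob[off:off + NONCE_LEN]
    off += NONCE_LEN
    return {"path": path, "wrapped": wrapped, "nonce": nonce,
            "header": blob[:off], "body": blob[off:]}


def is_already_encrypted(blob: bytes) -> bool:
    """The marker is what lets an operator skip files processed earlier."""
    return blob.startswith(MAGIC)


def decrypt_file_bytes(blob: bytes, priv):
    """Recover (original_path, plaintext); requires the RSA private key."""
    h = parse_header(blob)
    file_key = priv.decrypt(h["wrapped"], OAEP)
    return h["path"], AESGCM(file_key).decrypt(h["nonce"], h["body"], h["header"])


def run_demo() -> dict:
    """End-to-end run on constructed sample data; returns checkable results."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    der = priv.public_key().public_bytes(serialization.Encoding.DER,
                                         serialization.PublicFormat.SubjectPublicKeyInfo)
    # Assumed: the XOR key derives from some per-host value; constructed here.
    xor_key = hashlib.sha256(b"constructed-host-identifier").digest()
    stored = store_public_key(priv.public_key(), xor_key)
    pub = load_public_key(stored, xor_key)

    sample = b"constructed sample: patient 0001, imaging study 2022-07-01"  # not real PHI
    blob_a = encrypt_file_bytes(sample, r"C:\records\0001.txt", pub)
    blob_b = encrypt_file_bytes(sample, r"C:\records\0001.txt", pub)
    path, recovered = decrypt_file_bytes(blob_a, priv)

    tampered = bytearray(blob_a)
    tampered[len(MAGIC) + 4] ^= 0x01          # flip one byte of the stored path
    try:
        decrypt_file_bytes(bytes(tampered), priv)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True

    return {
        "roundtrip_ok": recovered == sample,
        "path": path,
        "marker_on_encrypted": is_already_encrypted(blob_a),
        "marker_on_plaintext": is_already_encrypted(sample),
        "per_file_keys_differ": parse_header(blob_a)["wrapped"] != parse_header(blob_b)["wrapped"],
        "pubkey_not_stored_in_clear": stored != der and len(stored) == len(der),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The XOR layer is obfuscation, not encryption: anyone who recovers the XOR key (here derived from a host string, in general from whatever the malware reads on the victim) gets the public key back unchanged, which is why the example treats it separately from the RSA wrap that actually protects the per-file keys.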

“The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations,” the announcement says. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health.”

Aside from indicators of compromise (IOCs), tactics, techniques and procedures (TTPs), and technical descriptions of the ransomware operation, the advisory also outlines mitigations for HPH Sector organizations:

  • Using standard user accounts instead of administrative ones on internal systems
  • Disabling network device management interfaces (SSH, Telnet, Winbox) on Wide Area Networks (WANs)
  • Using monitoring tools to spot anomalous behaviour on IoT devices
  • Enforcing strong internal policies for the collection, access, monitoring and storage of Personally Identifiable Information (PII) and Protected Health Information (PHI)
  • Implementing multi-layer network segmentation
  • Using digital certificates and public key infrastructure to limit access to sensitive data
