North Korean hackers foiled after FBI returns ransomware payments
- The FBI returned $500,000 in payments made through online transfers or cryptocurrencies
- China-based money launderers complete the transactions for the North Korean hackers
- A new law will force certain firms to report hacks within 72 hours
A North Korean state-sponsored hacking group that was targeting U.S. medical facilities and other similar organisations was foiled by federal investigators, a Justice Department official told Bloomberg on Tuesday.
The hacking group had previously attacked a Kansas medical center last year, disabling its data storage and key hospital equipment, Deputy Attorney General Lisa Monaco told Bloomberg. Following the attack, the Department of Homeland Security sent out a public warning to those in the medical sector about the “Maui” ransomware.
Speaking at the International Conference on Cyber Security at Fordham University in New York, Monaco said that the Kansas hospital’s administrators had only two choices: pay the ransom, or risk the lives of their patients by crippling the ability of doctors and nurses to do their jobs.
Since Biden took on the presidency, his administration has been warning of increased cyber attacks coming from foreign nations, including Russia and China. Simultaneously, his administration has been pushing for the private sector to do more to harden security.
Since the FBI began investigating ransomware attacks on medical establishments, it has identified China-based money laundering operations that help North Korean hacking groups ‘cash out’ their ransom payments. The FBI was successful in retrieving $500,000 in payments made through electronic transfer and cryptocurrency, including the funds that the Kansas-based medical center paid. “Today, we have unsealed the seizure warrant and initiated proceedings to return the stolen funds to the victims,” Monaco told Bloomberg.
In March this year, a federal grand jury found four Russian nationals guilty of cybercrimes committed against energy sector companies worldwide, which included a nuclear power facility in Kansas. The Justice Department is looking to charge more major cybercriminals who have attacked critical infrastructure through hacking.
The U.S. government has been pushing critical infrastructure operators to be more forthcoming with reporting instances of hacking or data breaches. The government is pushing for a new law that will make it compulsory for certain firms to report hacks to the Department of Homeland Security within 72 hours, or 24 hours in the case of completed ransomware payments.