July 7, 2022

Cybersecurity alert: New ransomware threat to healthcare out of North Korea

By: Tarsilla Moura

Editor's Note

The FBI, Cybersecurity and Infrastructure Security Agency, and Treasury Department on July 6 issued a joint cybersecurity advisory warning of ransomware threats against the US healthcare and public sectors from hackers sponsored by North Korea, Becker’s Health IT July 6 reports.

The FBI explained the threat comes from the Maui ransomware platform, which has been in use by hackers to target healthcare and other public health providers in the US since May 2021.

Here are four highlights from the advisory alert, according to Becker’s:

  • The Maui ransomware, known as maui.exe, is an encryption binary designed for manual execution by a remote actor who uses a command-line interface to identify files to encrypt.
  • It encrypts files with Advanced Encryption Standard (AES) 128-bit encryption, and each file has a unique AES key and custom header.
  • The FBI thinks the hackers are using the ransomware against healthcare and public health services providers because organizations are willing to pay the ransom to retrieve their files.
  • Hospitals and health systems can implement and enforce multilayer network segmentation; turn off network device management interfaces; and limit access to data to lessen the severity of the attacks.

For more resources, tactics, techniques, and procedures, along with indicators of compromised systems, review the full advisory report here.
