Feds Seize Hospital’s $500k Ransom Payment from North Korean Hackers


The Department of Justice says that it has seized roughly $500,000 in ransom payments made last year by a Kansas medical facility to a North Korean ransomware gang known as “Maui.” The money included the payments themselves along with cryptocurrency that the criminals had been using to launder the hospital’s money.

The operation was revealed in a speech given by Deputy Attorney General Lisa O. Monaco at the International Conference on Cyber Security at Fordham University on Tuesday. The speech coincided with the release of the DOJ’s Comprehensive Cyber Review, an 81-page report that outlines its current strategy for combatting cyber threats.

“Last year, a medical center in Kansas experienced the dread that faces too many critical infrastructure operators. North Korean state-sponsored cyber actors encrypted the hospital’s servers – servers being used to store critical data and to operate key equipment,” Monaco said. “The attackers left behind a note demanding ransom, and they threatened to double it within 48 hours. In that moment, the hospital’s leadership faced an impossible choice – give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care.”

The facility ultimately paid the attackers but also notified the FBI, which allowed authorities to start an investigation that ultimately resulted in the recovery of the money, Monaco said.

“Following the crypto-breadcrumbs, the FBI identified China-based money launderers — the type who regularly assist the North Koreans in ‘cashing out’ ransom payments into fiat currency,” said Monaco. “Additional blockchain analysis revealed that these same accounts contained other ransom payments. The FBI traced those to another medical provider in Colorado and potential overseas victims.”

The emergence of blockchain analysis tools of the kind used in this investigation has been immensely helpful to authorities combatting cybercrime. While the supposed anonymity of cryptocurrencies has given rise to a booming ransomware industry, tools like those sold by companies like Chainalysis have helped to unmask that industry, allowing authorities to scan the public blockchain and piece together the activities of its less savory users.

Authorities typically recommend that ransomware victims refuse payment, because it isn’t a surefire way to get your data back. Decryption keys provided by ransomware gangs don’t always work so well, and once a criminal has your money, there isn’t much incentive for them to help you out, either.

https://gizmodo.com/justice-north-korean-maui-hackers-500k-hospital-ransom-1849194852