Federal Agencies Issue Joint Advisory Against Ransomware Used by North Korean Hackers
The Cybersecurity and Infrastructure Security Agency, the FBI and the Department of the Treasury have issued a joint cybersecurity advisory regarding ransomware that North Korean state-sponsored actors have been using to target the health care and public health sector.
The advisory outlines details about the ransomware, as well as indicators of compromise observed during multiple FBI incident responses. The advisory also revealed that hackers have been using the Maui ransomware since May 2021.
The FBI noticed that hackers use Maui to encrypt HPH servers responsible for providing health care services. In some cases, cyberattacks disrupted the delivery of health care services for prolonged periods, CISA said.
According to Eric Goldstein, the executive assistant director for cybersecurity at CISA, the North Korean hacks pose a significant risk to all organizations. He said the agency is continuously working with its partners to deliver timely information that can help entities improve their resilience against cyber threats.
The three agencies have urged the HPH sector and other critical infrastructure organizations to practice good cybersecurity hygiene, review the cybersecurity advisory and apply the recommended mitigations listed in the document to reduce the chances of being affected by hacks. Potential victims are also discouraged from paying ransoms because doing so does not guarantee that their data will be recovered and may even lead to sanctions.
CISA, the FBI and the Treasury Department also assessed that North Korean hackers are likely to continue targeting the HPH sector because of assumptions that organizations will be willing to pay to avoid disruption of critical services.
Tags: cybersecurity Cybersecurity and Infrastructure Security Agency Department of the Treasury Eric Goldstein FBI health care sector joint cybersecurity advisory Maui ransomware North Korea