N. Korean hackers launch ransomware attacks on US hospitals

It was reported that a hacker group backed by the North Korean government launched cyberattacks using new ransomware on U.S. hospitals and extorted about 0.5 million dollars.

“We have recovered 0.5 million dollars in ransomware payments made to North Korean hackers by two hospitals located in Kansas and Colorado,” U.S. Deputy Attorney General Lisa Monaco said at an international cyber security conference held at Fordham University in New York on Tuesday, according to Voice of America.

The hackers encrypted a server containing the medical records and key medical equipment data of a hospital in Kansas in May last year and demanded a large sum of money in return for decryption. They threatened to double the amount of payment if payment was not made in 48 hours. The hospital paid 0.1 million dollars in Bitcoin and reported the incident to the Federal Bureau of Investigation (FBI).

“At that moment, the hospital's leadership faced an impossible choice: Give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care,” said Deputy Attorney General Monaco. She added that the FBI identified the malware and traced this and other ransom payments to Chinese money launderers that help North Korean cyber criminals convert cryptocurrency into fiat currency. She said the ransomware used by the hackers called ‘Maui’ was a type that the FBI and prosecutors at the Department of Justice had not heard of.

The U.S. authorities also found 120,000 dollars paid in April this year by a hospital in Colorado in the hackers’ account. “Ransomware, once largely the province of garden-variety cybercriminals looking to extort cash, is now being increasingly deployed by hostile governments who are eager for destruction,” said FBI Director Christopher Wray at the same conference. “North Korea is a cyber crime organization in disguise of a country,” he said.


abro@donga.com