DOJ Seizes $500K in Ransom Payments, Cryptocurrency From State-Sponsored North Korean Hackers


The U.S. Department of Justice (DOJ) has seized $500K in ransom payments and cryptocurrency from a state-sponsored North Korean group. “We are returning the stolen funds to the victims,” Deputy Attorney General Lisa O. Monaco said, adding that the seized funds include ransoms paid by health care providers in Kansas and Colorado.

DOJ Seizes Crypto From North Korean State-Backed Group

The U.S. Department of Justice (DOJ) announced Tuesday that it has seized and forfeited approximately $500K from North Korean ransomware actors and their conspirators. The department added that it has filed a complaint “in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.”

The DOJ stated:

“In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms paid by health care providers in Kansas and Colorado.”

Deputy Attorney General Lisa O. Monaco reiterated Tuesday at the International Conference on Cyber Security 2022, “We seized approximately half a million dollars in ransom payments and cryptocurrency used to launder those payments.” She added: “Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui.’”

Last year, the North Korean group encrypted a Kansas medical center’s servers used to “store critical data and operate key equipment,” Monaco detailed. The attackers demanded ransom, which the hospital paid.

The FBI and Justice Department prosecutors traced the ransom payment through the blockchain. “The FBI identified China-based money launderers — the type who regularly assist North Koreans in ‘cashing out’ ransom payments into fiat currency,” the deputy attorney general detailed. “Additional blockchain analysis revealed that these same accounts contained other ransom payments. The FBI traced those to another medical provider in Colorado and potential overseas victims.”

Monaco added:

“Today, we have made public the seizure of those ransom payments, and we are returning the stolen funds to the victims.”

In October last year, Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET). The aim of the initiative is “to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors,” the DOJ described. “The team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.”


Kevin Helms

A student of Austrian Economics, Kevin found Bitcoin in 2011 and has been an evangelist ever since. His interests lie in Bitcoin security, open-source systems, network effects and the intersection between economics and cryptography.
