- The payments were from US healthcare organizations that have been the target of these hackers since last year.
- The FBI successfully traced the payments after identifying the ransomware the hackers were using.
According to the deputy attorney general at the US department of justice (Lisa Monaco), the US law enforcement agents reclaimed nearly $500,000 from North Korean hackers. The amount was ransomware payments made by US healthcare organizations, particularly the Kansas medical center and a Colorado-based healthcare provider.
Monaco gave the briefing while delivering an address at a cybersecurity event held in New York. Monaco said the FBI and the US department of justice (DoJ) were able to disrupt the activities of the state-sponsored hacker group following a fast report and cooperation from a victim.
She said the FBI discovered that the hacker group was using the Maui ransomware for their wicked operations. An official statement from the DoJ states that the North Korea-sponsored hackers encrypted the servers of the Kansas medical center in May last year. Then, they demanded payment before restoring access to the medical center.
The medical center filed a report to the authorities after paying the hackers in BTC worth $100,000. The FBI swung into action immediately after the notification. With cooperation from the Kansas medical center, the FBI would later discover that the hackers had been using the ‘Maui’ ransomware to carry out their attackers. Also, it traced the BTC paid by Kansas medical center to a china-based money laundering group.
The FBI discovered that the Colorado medical center paid $120,000 to a flagged crypto account three months ago. The account is one of those used by the hacker group. In May 2022, law enforcement agents also seized digital assets from two crypto accounts that had also received payments from other US healthcare providers.
After this incident, the justice department started taking necessary actions to reclaim the ransomware payments and return them to the healthcare firms. Matthew G. Olsen (an assistant attorney general) said it is always good business and a way to protect the United States when victims of cybercrimes report the incident to law enforcement agents and cooperate during the investigation. He also said that the return of such funds to the victims by law enforcement agents is the added benefit of working with them.
Nullifying the threat
A few weeks ago, various US government agencies made a joint public statement about the activities of the state-sponsored hackers targeting US healthcare firms and hospitals. The white house also warned that North Korea is using cyberattacks and crypto-ransomware payments for two reasons.
The nation’s authorities are attempting to evade economic sanctions, and they look for cash to fund their weapons programs. The FBI also revealed that the state-sponsored Lazarus group was responsible for stealing $620 million worth of digital currencies from a Web3 play-to-earn gaming network in march this year.
In addition, a report by elliptic (a blockchain analytics firm) accused the same group of being responsible for stealing $100 million worth of cryptos from horizon bridge last month. The San Francisco-based harmony blockchain owns and operates the crypto transfer service provider, horizon bridge.
Related: North Korea’s Lazarus group identified as hackers behind Horizon Bridge’s $100M hack
Last week, researchers at the Microsoft Threat Intelligence Center the ‘Holy Ghost’ ransomware. According to the researchers, the ransomware is the latest from North Korea and has already been used successfully against small firms in various nations in the last 12 months.