According to a US cybersecurity advisory, North Korean state-sponsored cyber threat actors have used the Maui ransomware to attack the healthcare and public health (HPH) sector. The FBI has observed and responded to multiple Maui ransomware incidents at HPH sector organisations since May 2021. The ransomware alert requests any evidence and/or benign samples of encrypted data.
In these attacks, North Korean state-sponsored cyber actors used Maui ransomware to encrypt servers responsible for healthcare services such as electronic health records, diagnostics, imaging, and intranet services. In some instances, these attacks caused long-term disruptions to the services the targeted HPH sector organisations provided. The initial access vectors for these incidents are unknown.
The Maui ransomware is an encryption binary. According to an industry analysis of a sample of Maui provided in ‘Stairwell Threat Report: Maui Ransomware,’ the ransomware appears to be designed for manual execution by a remote actor, the advisory said.
The remote actor uses a command-line interface to interact with the malware and identify files to encrypt. To reduce the likelihood of compromise from ransomware operations, the FBI, CISA, and Treasury advise Healthcare and Public Health (HPH) sector organisations, as well as other critical infrastructure organisations, to implement the guidance in the mitigation section of the CSA. Victims of the Maui ransomware should contact their nearest FBI field office or CISA. The FBI believes that North Korean state-sponsored cyber actors target healthcare institutions because they assume these organisations are willing to pay ransoms, since they provide life-saving services. Because of this assumption, the FBI, CISA, and the Treasury believe North Korean state-sponsored actors will continue targeting healthcare organisations.
According to the ransomware alert, the FBI requests any evidence that can be shared, such as boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, and/or benign samples of encrypted data. As previously indicated, the FBI discourages paying ransoms. Payment does not guarantee file recovery and may embolden adversaries to attack more organisations, encourage other criminal actors to distribute ransomware, and/or fund illicit activities.
– Aarav Gupta
Edited By: Sabrina Bath