2022/07/27 16:37:26

Maui (ransomware virus)


Ransomware viruses (ransomware)

Main article: Ransomware viruses (ransomware)

2022: US authorities confiscate $500,000 in cryptocurrency that hospitals paid to ransomware hackers

At the end of July 2022, the US Department of Justice confiscated $500,000 worth of cryptocurrency that hospitals had paid as ransom to ransomware hackers supported by the North Korean government.

In May 2021, North Korean hackers used a virus called Maui to encrypt files and servers at a medical center in Kansas. The hospital could not access its data for a week, after which it paid about $100 thousand in bitcoins to restore its information system.

US authorities confiscated $500,000 worth of cryptocurrency from ransomware hackers

The medical center notified the Federal Bureau of Investigation (FBI) of the incident, which helped identify a previously unknown North Korean ransomware and trace the path of the cryptocurrency withdrawal. In April 2022, the FBI discovered another payment in bitcoins in the amount of $120 thousand, sent to the addresses of the same attackers. An investigation confirmed that a hospital in Colorado had been blackmailed under exactly the same scheme. In July 2022, the FBI seized the contents of two cryptocurrency accounts that received funds from hospitals in Kansas and Colorado.

"The hospital notified the FBI, which was able to track the stolen funds before the start of money laundering in China. This not only allowed us to return their ransom, as well as the ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware virus strain," said Deputy Prosecutor General Lisa Monaco.

The malware encrypted servers connected to electronic medical records, as well as diagnostic, imaging and intranet services, and in some cases disrupted operations for a long time, according to public documents released by the FBI. A report by the Cybersecurity and Infrastructure Security Agency recommended that providers restrict access to data by:

  • authenticating system connections and devices;
  • disabling network device management interfaces, and setting strong passwords and encryption for them;
  • implementing HIPAA security measures to protect PII and PHI;
  • creating and regularly reviewing internal policies regarding access to PII and PHI;
  • keeping offline, encrypted data backups and a plan to respond to similar incidents.[1]
