North Korean state-sponsored actors use ransomware to target health sector, US agencies warn
The US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigations (FBI), and the Department of the Treasury issued a joint cybersecurity advisory, offering details about the Maui ransomware, which they argue has been used by North Korea state-sponsored cyber actors to target organisations in the healthcare sector since at least May 2021.
According to the three agencies, the ransomware was used to encrypt servers responsible for providing healthcare services, leading to disruptions of services for prolonged periods in some cases.
The advisory provides guidance on what healthcare organisations can do to protect themselves from such threats: from maintaining offline data backups and ensuring that operating systems and software are up to date to putting in place cyber incident response plans. They are also encouraged not to pay ransoms, ‘as doing so does not guarantee files and records will be recovered’.