North Korean state-sponsored actors use ransomware to target health sector, US agencies warn
US agencies warn of North Korean state-sponsored actors using Maui ransomware to target healthcare organizations since May 2021. The advisory highlights the ransomware’s impact on encrypting healthcare servers and disrupting services. Recommendations include maintaining offline backups, updating systems, creating cyber incident response plans, and refraining from paying ransoms as a guarantee for file recovery.
The US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigations (FBI), and the Department of the Treasury issued a joint cybersecurity advisory, offering details about the Maui ransomware, which they argue has been used by North Korea state-sponsored cyber actors to target organisations in the healthcare sector since at least May 2021.
According to the three agencies, the ransomware was used to encrypt servers responsible for providing healthcare services, leading to disruptions of services for prolonged periods in some cases.
The advisory provides guidance on what healthcare organisations can do to protect themselves from such threats: from maintaining offline data backups and ensuring that operating systems and software are up to date to putting in place cyber incident response plans. They are also encouraged not to pay ransoms, ‘as doing so does not guarantee files and records will be recovered’.