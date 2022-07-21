US touts disruption of cybercriminals

CASH RECOVERED: A justice official said it identified N Korea-based hackers who initiated a ransomware attack of a hospital in Kansas, which paid a ransom last year

AP, NEW YORK





The FBI and the US Department of Justice recently disrupted the activities of a hacking group that was sponsored by the North Korean government and that targeted US hospitals with ransomware, ultimately recovering US$500,000 in ransom payments and cryptocurrency, US Deputy Attorney General Lisa Monaco said on Tuesday.

Monaco revealed new details of the attacks during a speech in which she encouraged organizations hit by ransomware to report the crime to law enforcement, so that officials can investigate and so that they can help companies try to get ransom payments back.

In this case, a Kansas hospital that paid a ransom last year after being attacked by ransomware also contacted the FBI, which traced the payment and identified China-based money launderers who assisted the North Korean hackers in cashing out the illicit proceeds, Monaco said.

US Deputy Attorney General Lisa Monaco speaks at a forum in Washington on May 6. Photo: AP

The FBI recovered US$500,000, including the entire ransom payment from the hospital, she said.

“If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action,” Monaco said at the International Conference on Cyber Security, hosted by Fordham University. “We can follow the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable.”

US officials last year scrambled to confront a wave of high-profile ransomware attacks — in which hackers encrypt or lock up data and demand exorbitant sums to return it — including against a fuel pipeline on the US’ east coast.

Although the pace of such large-scale attacks seems to have slowed, smaller targets — such as hospitals — continue to be affected.

FBI Director Christopher Wray said at the same conference that a particular challenge is that ransomware, once largely the province of garden-variety cybercriminals looking to extort cash, is now being increasingly deployed by hostile governments who are eager for destruction.

“The other thing we’re seeing more and more of is ransomware actors doing more than just locking up the system,” Wray said. “They’re exfiltrating the information, they’re threatening to release your proprietary information.”

This variant of ransomware, known as “Maui,” specifically targeted hospitals and public health organizations across the US.

Justice department officials said that the attack on the Kansas hospital, which they did not identify, took place in May last year when hackers encrypted the medical center’s files and servers.

The hospital paid about US$100,000 in bitcoin to get its data back.