FBI recovers $500,000 healthcare orgs paid to Maui ransomware

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain.

At the start of this month, Maui was highlighted by the FBI and CISA as a new North Korean-backed ransomware operation extorting western organizations with encryption attacks.

The particular ransomware operation demonstrated an inclination towards healthcare and public health organizations in its targeting, causing life-threatening service outages.

As explained in the DoJ announcement, the discovery of the new strain resulted from a security incident report from a Kansas hospital to the FBI.

“Thanks to rapid reporting and cooperation from a victim, the FBI, and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui’,” explained Lisa O. Monaco, Deputy Attorney General.

“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”

The Kansas hospital had paid approximately $100,000 to the Maui ransomware gang in May 2021 to restore its IT network following a data-encrypting cyberattack.

Thanks to their quick reporting of the incident to the FBI, law enforcement tracked another payment of $120,000 from a medical provider in Colorado shortly afterward.

These two payments and an undisclosed number of payments amounting to $280,000 were eventually seized in May 2022, so the total retrieval was roughly half a million USD.

This case illustrates the importance of reporting ransomware incidents to the law enforcement authorities as quickly as possible, while indicators of compromise are fresh and payments can more easily be traced.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top