Cybersecurity experts warn North Korean State-Sponsored threat actors are using Maui ransomware to target entities in the Healthcare and Public Health (HPH) sector.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) released a new cybersecurity advisory (CSA) that described the Maui ransomware threat.
“Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services.,” CISA noted in the advisory.
Moreover, the cybersecurity experts warned that some of these incidents resulted in taking down HPH entities “for prolonged periods.”
Maui ransomware is an encryption binary that uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt the victim’s files.
“The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” the advisory warned.
Readers can also check out the full report for more technical details on the Maui ransomware threat, indicators of compromise (IoC), and recommended mitigations.