The U.S. Department of Justice (DoJ) has announced the capture of $500,000 worth of Bitcoin from North Korean hackers who used a new ransomware strain known as Maui to extort digital payments from multiple companies.
In a press release published on Tuesday, the DoJ stated that “the recovered money include ransoms paid by healthcare providers in Kansas and Colorado.”
The agency claimed to have taken control of two cryptocurrency accounts used to receive payments in the amount of $100,000 and $120,000 from the hospitals before recovering the bitcoin ransoms. The source of the remaining funds was kept a secret by the DoJ.
According to Assistant Attorney General Matthew G. Olsen of the DoJ’s National Security Division, reporting cyber events to law enforcement and helping with investigations not only protects the United States but is also wise business practise. The ransom victims’ compensation demonstrates the value of cooperating with law enforcement.
Since at least May 2021, North Korean government-backed hackers have been targeting the healthcare industry with the Maui ransomware, according to a joint advisory from U.S. cybersecurity and intelligence organisations.
According to reports, the incident that targeted the unnamed Kansas facility happened around the same time, which led the Federal Bureau of Investigation (FBI) to discover the previously unknown ransomware strain.
Although the exact method of the seizure is unknown, it’s probable that it was carried out by tracking money laundering trails to a cryptocurrency exchange that provides cash-out services to convert illicit bitcoin revenues to fiat currency.
In addition to espionage, North Korean threat actors have a long history of orchestrating financially motivated hacks for the sanctions-hit country in a variety of ways, such as targeting blockchain companies and using cryptocurrency heists by using rogue wallet apps and exploiting crypto asset bridges.
When seen in this context, ransomware adds yet another layer to its multifaceted strategy for producing illicit income that supports its top economic and security aims.
The interruption demonstrates the U.S. government’s ongoing progress in combating crypto-related criminal activity by allowing it to recover ransomware payments connected to DarkSide and REvil as well as money that was stolen in the 2016 Bitfinex attack.
The development also follows a warning from the FBI that threat actors are tricking people into downloading malicious cryptocurrency wallet apps by pretending to be investment services from reputable businesses.
Follow us on our social media handles. Instagram
We would be dropping a video on HOW RANSOMWARE IS CREATED on our Youtube channel so you could be Cyber Aware and stay safe.