About half a million dollars in ransom payments made by a Kansas health care institution to a North Korean extortion group dubbed Maui in 2021 has been recovered, according to the Department of Justice. The recovered funds included both the payments themselves and the cryptocurrency that the thieves were using to launder funds taken from the institution.
Lisa O. Monaco, the assistant attorney general, discussed the investigation during her Tuesday lecture at the World Conference concerning Cyber Security at Fordham University. Alongside the address, the Department of Justice (DOJ) released its Complete Cybersecurity Assessment, an 81-page document that details the department’s current approach to countering cybersecurity risks.
The Attacks Were Perpetrated by North Korean Hackers
Last year the Kansas health facility experienced what too many managers of key assets fear when it suffered a cyberattack. According to Monaco, computers used to hold vital information and run essential medical technology were seized by North Korean hackers. The perpetrators left behind a message demanding a ransom and threatening to treble the amount if it wasn’t paid within 48 hours.
At that point, the hospital administration had to decide whether to pay the ransom or severely limit the capacity of physicians, pharmacists, and other medical professionals to offer life-saving treatment to patients.
After paying the perpetrators, the institution alerted the FBI, which launched an operation that led to the recovery of the funds, according to Monaco. By tracing the digital trail left behind, she said, the FBI was able to track down fraudsters based in Beijing who help the North Koreans “wash in” ransom money into fiat currency. Subsequent blockchain investigation uncovered further ransom payments held in the very same wallets. The FBI was able to link them to a different medical clinic in Colorado and to possible victims in other countries.
The government’s efforts to prevent cyberattacks have been greatly aided by the introduction of blockchain analysis software like that employed in this case. While the secrecy of cryptocurrency has spawned a thriving malware business, technologies supplied by companies like Chainalysis have helped expose it by enabling officials to examine the blockchain network and piece together the activity of its less savory members.
Officials advise victims of extortion not to pay the ransom, since doing so is no guarantee that the data will be restored. Unfortunately, the recovery codes supplied by extortion groups aren’t usually reliable, and once a crook has your payment, they have no reason to help you.