Hackers sponsored by North Korea's government have been using the Maui ransomware to target healthcare and public health services providers for the last year, according to the U.S. government.
The FBI, Cybersecurity and Infrastructure Security Agency, and Treasury Department released a joint statement July 6 with new information about the ransomware, which began hitting U.S. healthcare organizations in May 2021.
Four details:
1. Maui ransomware, known as maui.exe, is an encryption binary designed for manual execution by a remote actor using command-line interface to identify files to encrypt.
2. The ransomware encrypts files with advanced inception standard 128-bit encryption, and each file has a unique AES key and custom header, according to the report.
3. The FBI said it thinks the hackers are using the ransomware against healthcare and public health services providers because organizations are willing to pay the ransom to retrieve their files.
3. Hospitals and health systems can implement and enforce multilayer network segmentation; turn off network device management interfaces; and limit access to data to lessen the severity of the attacks.