North Korean state-sponsored ransomware groups are targeting South Korean and U.S. healthcare organizations with Maui and H0lyGh0st ransomware as a way to raise revenue for the North Korean government, according to a Feb. 9 U.S. government cybersecurity advisory.
The groups demand cryptocurrency ransoms and then use the funds for espionage cyber operations targeting the U.S. and South Korea. In July, the U.S. government recovered $500,000 that two hospitals paid as a ransom to North Korean hackers.
The Feb. 9 advisory warning is an update of a warning that came in July.
The Democratic People's Republic of Korea often obfuscates its involvement in the ransomware attacks by working through a foreign third-party affiliate.