FBI Seizes $500,000 from North Korean Hackers

The US Department of Justice and the FBI announced it has seized about $500,000 in bitcoin, which was previously paid by US medical providers to North Korean hackers who ran the Maui ransomware.

Earlier this month, US law enforcement already warned about the activity of Maui, which purposefully attacks medical organizations and public health.

It was then reported that Maui uses a combination of AES, RSA and XOR for the encryption process: files are encrypted with AES using a unique key, which is then encrypted with the RSA key pair generated when the malware is first run, and then the RSA public key is encrypted using another hardcoded RSA public key.

Lisa Monak
Lisa Monak

Experts assumed that the entire malicious campaign is based on the willingness of medical institutions to pay a ransom, as they need to quickly recover from an attack and ensure uninterrupted access to critical data and services, because people’s lives and health depend on them.

As the Ministry of Justice now explains, the discovery of this malware occurred after an incident in a Kansas hospital, when the victims hurried to report to the FBI. In May 2021, this healthcare facility paid ransomware about $100,000 to recover data after a ransomware attack.

Thanks to a quick report and cooperation from the victim, the FBI and the Department of Justice stopped a North Korean-sponsored group that is developing ransomware known as Maui. This not only allowed us to return the ransom, but also to return ransoms paid by previously unknown victims and to identify a type of ransomware previously unknown to us.”said Deputy Attorney General Lisa Monak.

Due to the quick reporting of the incident, law enforcements were able to trace another $120,000 payment from an unnamed health care provider in Colorado. As a result, these two payments, as well as an unknown number of payments in the amount of $280,000, were seized in May 2022, and the total amount of funds recovered was approximately half a million US dollars.

It is currently unknown how the seizure of funds was organized. Probably, law enforcement officers were able to trace the funds that the criminals were trying to launder, to a certain cryptocurrency exchange that offers services for cashing out and converting cryptocurrencies into fiat.

Although the amount returned this time is not large (for example, we wrote that North Korean hackers stole $400 million in cryptocurrency in 2021), it is emphasized that such episodes demonstrate how quick reporting about incidents allows law enforcement agencies to track money faster and easier, return ransoms , as well as identify attackers and their tactics.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button