The US Department of Justice (DOJ) announced the disruption of a North Korean state-sponsored group that had been deploying the Maui ransomware, along with the seizure of about $500,000 in ransom payments and cryptocurrency tied to the campaign.
Lisa O. Monaco, the Deputy Attorney General, said the seized funds include ransoms paid by healthcare providers in Kansas and Colorado, and that the department is returning the extorted money to the victims. The DOJ filed a complaint in the District of Kansas to forfeit cryptocurrency that was either paid as ransom to the North Korean hackers or used to launder those ransom payments. According to the department, the FBI had obtained a sealed seizure warrant in May 2022 for the funds, worth roughly half a million dollars.
Speaking at the International Conference on Cyber Security, Monaco said the approach used in this case shows how the DOJ is attacking malicious cyber activity from all angles in order to disrupt bad actors and prevent the next victim. In early July, the US government had warned that North Korean attackers were using the Maui ransomware family against healthcare and public health organizations in manually operated intrusions, rather than through automated mass deployment.
US authorities have become increasingly effective at tracing and seizing illicit cryptocurrency from a range of cybercrimes. After the Colonial Pipeline ransomware attack in May 2021, the DOJ recovered 63.7 Bitcoin, worth about $2.3 million at the time, out of the 75 Bitcoin ransom that had been paid. In February 2022 the department seized $3.6 billion in Bitcoin linked to the 2016 Bitfinex hack. The Internal Revenue Service's criminal investigation unit also seized $3.5 billion in cryptocurrency during fiscal year 2021.
The DOJ said the seizure and disruption would not have been possible had the Kansas-based medical facility not reported the ransomware attack. Charles Dayoub, Special Agent in Charge of the FBI Kansas City Field Division, credited the outcome to the victim medical center's swift reporting. He said the action was taken to limit the victim's losses, identify the malware used, and prevent additional cyber attacks, and he noted that the relationship between the FBI and its private sector partners is critical to discovering, disrupting and dismantling cyber threats to the country's infrastructure.