North Korean hackers targeting healthcare sector with Maui ransomware


The U.S. government is warning healthcare and public health care organizations to be on alert for attacks by North Korean state-sponsored hackers using Maui ransomware to target the sector.

The alert, issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Agency and the Department of the Treasury, states that multiple ransomware attacks using Maui ransomware have been detected targeting the healthcare sector since May 2021.

An attack using Maui runs a traditional path for ransomware by encrypting files on servers. Previous attacks have included servers hosting electronic health records, diagnostics services, imaging services and intranet services. In some cases, the Maui ransomware attacks have disrupted the services provided by healthcare providers for a prolonged period. The initial attack vector for these incidents is not known.

The alert does not specify whether data is stolen in the attacks or not. Maui does differ from traditional ransomware in one way – instead of encrypting all files, the ransomware targets specific files in what may be a process of manual selection.

The FBI, CISA and Treasury are urging healthcare providers to take steps to mitigate the risk of being targeted by Maui. These include limiting access to data by deploying public key infrastructure and digital certificates to authenticate connections, Internet of Things medical devices and electronic health records.

Healthcare providers should also turn off device management interfaces, secure personally identifiable information, protect stored data by masking the permanent account number and implement multi-layer network segmentation, among other recommendations.

“This Maui campaign is interesting in that a ransomware campaign is being selective,” Aaron Turner, chief technology officer, SaaS Protect at AI cybersecurity company Vectra AI Inc., told SiliconANGLE. “However, if North Korea is really involved, then it is conceivable that the ransomware activities are only an after-thought for when attackers have exfiltrated the selected data that they want before initiating the encryption of files to block access.”

“In my opinion, this use of operator-driven selective encryption is most likely an indicator that the Maui campaign is not just a ransomware activity, but most likely a combination of intellectual property theft / industrial espionage combined with opportunistic monetization activities through ransomware,” Turner added.

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., commented that Maui represents a different style of ransomware, as the attackers select which files to target and leave behind no instructions to make payment.

“Cyber criminals want to get paid quickly and effectively and with little information for the victim the attack is increasingly malicious in nature,” McQuiggan explained. “Healthcare is always targeted due to their multi-million dollar operating budget and U.S. Federal guidelines that make it difficult to quickly update systems and thus makes it a prime target for cybercriminals.”

Photo: Roman Harak/Flickr
