FBI recovers $500K in ransomware payments and crypto from North Korean hackers


The U.S. Department of Justice (DoJ) has announced the seizure of around $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using the Maui ransomware strain.

The seized funds include ransoms paid by healthcare providers in Kansas and Colorado.

The agency recovered the bitcoin ransoms after it took control of two cryptocurrency accounts that were used to receive payments of $100,000 and $120,000 from the medical centers. The DoJ did not reveal where the remaining payments came from.

Earlier this month, U.S. cybersecurity and intelligence agencies issued a joint advisory regarding the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021.

The incident targeting the unnamed Kansas facility occurred during the same period: the facility paid approximately $100,000 to the Maui ransomware gang in May 2021 to restore its IT network.

This led the Federal Bureau of Investigation (FBI) to uncover the new ransomware strain, and it tracked another payment of $120,000 from a medical provider in Colorado shortly afterward.

This case illustrates the importance of reporting ransomware incidents to law enforcement authorities as quickly as possible, while indicators of compromise are fresh and payments can more easily be traced.

