US intelligence and cybersecurity officials have warned that North Korean government-backed hackers are using Maui ransomware to target the healthcare sector.

According to a new joint cybersecurity advisory, this activity has been going on since at least May 2021.

CISA, FBI, and the Department of the Treasury have all released alerts regarding a potential cybersecurity threat.

Cybersecurity firm Stairwell has found a new ransomware family that does not have several key features commonly associated with ransomware-as-a-service (RaaS) groups. This makes it stand out from other ransomware families.

The Maui ransomware is a new type of malware that does not include the usual “embedded ransom note” for recovery instructions or transmitting encryption keys to attackers. According to security researcher Silas Cutler, this makes it more difficult to detect and remove.

Maui samples suggest that the malware is designed to be manually executed by a remote actor via a command-line interface. This allows the attack to target specific files on the infected machine for encryption.

Removing the Maui ransomware can be tricky, so it’s essential to have an effective anti-malware solution in place.

Maui is a powerful ransomware tool that not only encrypts target files with AES 128-bit encryption but also uses a unique RSA key to encrypt each key. This makes it virtually impossible to decrypt the files without the original key. What sets Maui apart from other traditional ransomware offerings is the fact that it’s not offered as a service to other affiliates for use in return for a share of monetary profits.

As North Korea continues to face economic hardship, its adversaries are increasingly resorting to ransomware attacks to generate much-needed revenue. In some cases, these attacks have resulted in extended disruptions to healthcare services.

While the initial infection vector is not yet known, it is clear that these campaigns exploit the willingness of healthcare organizations to pay ransoms in order to quickly resume operations. This highlights the need for improved security measures to protect against such threats.

According to the Sophos’ State of Ransomware in Healthcare 2022 report, 61% of healthcare organizations surveyed opted to settle compared with the global average of 46%, with only 2% of those that paid the ransom in 2021 getting their complete data back.

With attacks like these becoming a regular occurrence and it’s becoming harder to keep up, it makes sense to start conversations with an MDR like CyberMaxx. CyberMaxx becomes an extension of the organization’s IT departments, bringing over 20+ years of experience to the table:

  • Quickly ramping up expertise
  • 24/7 SOC
  • Reducing your team’s workload
  • Shared Knowledge from an Institutional Expert
  • Assistance with Compliance Tasks