By Byun Duk-kun
WASHINGTON, July 6 (Yonhap) -- The Federal Bureau of Investigation (FBI) issued a cybersecurity advisory on Wednesday against ransomware that it said is being used by North Korean state-sponsored cyber actors.
The advisory, jointly issued by Cybersecurity and Infrastructure Security Agency and the Department of Treasury, said North Korean hackers have been using Maui ransomware since at least May 2021 to target healthcare and public health (HPH) sector organizations.
"Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations," said the joint advisory, also noting that in some cases the ransomware had disrupted services provided by targeted organizations for "prolonged periods."
"North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," it added.
The advisory said Maui ransomware is an "encryption binary," which allows a remote actor to interact with the malware and identify files to encrypt.
The issuing organizations noted North Korean state-sponsored cyber actors may have deployed the malware against healthcare and public health organizations as they likely assumed healthcare organizations "are willing to pay ransoms because these organizations provide services that are critical to human life and health."
They, however, said they "highly discourage" paying ransoms because "doing so does not guarantee files and records will be recovered and may pose sanctions risks."
Providing money or other goods to North Korea may be subject to punishment under U.S. and U.N. Security Council sanctions against Pyongyang.
North Korea is said to be increasingly using cyber attacks to secure funds for its nuclear and other weapons of mass destruction programs since the U.S. and U.N. sanctions have reduced most of its sources for hard currency.
The U.S. advisory urged caution by those in related sectors to mitigate ransomware attacks, which they said may include using multilayer network segmentation and securing personal identifiable information and patient health information and storing such information only on internal systems.
BTS' Jimin to release photo book next month
S. Korea to lift post-entry PCR testing requirement Saturday
S. Korea decides to scrap satellite launches using Russian rockets amid sanctions
(LEAD) S. Korea to lift post-entry PCR testing requirement Saturday
S. Korea does not recognize Russia's annexation of Ukrainian territory
S. Korean F-15K fighter fires 2 JADAM precision bombs in response to N.K. missile launch
(URGENT) N. Korea fires an unspecified ballistic missile toward East Sea: S. Korean military
(3rd LD) N. Korea fires IRBM over Japan: S. Korean military
N. Korea fires ballistic missile eastward: S. Korean military
(2nd LD) N. Korea fires suspected IRBM eastward: S. Korean military