U.S. seizes $500,000 from North Korean ransomware attacks on hospitals

U.S. law enforcement agencies recovered $500,000 from North Korean ransomware attacks on medical providers, the Justice Department announced. File Photo by Stephen Shaver/UPI

SEOUL, July 19 (UPI) -- U.S. law enforcement has recovered roughly half a million dollars in ransomware payments made to North Korean hackers by victims including a medical center in Kansas and a healthcare provider in Colorado, the Department of Justice announced.

"Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as 'Maui,'" Deputy Attorney General Lisa Monaco said Tuesday at a cybersecurity conference in New York.


North Korean hackers targeted the Kansas medical center in May 2021, encrypting its servers with ransomware and demanding a payment to restore access, according to a Justice Department statement. After about a week, the hospital paid about $100,000 in bitcoin to regain the use of its computers and equipment -- while also alerting authorities.

"Because the Kansas medical center notified the FBI and cooperated with law enforcement, the FBI was able to identify the never-before-seen North Korean ransomware and trace the cryptocurrency to China-based money launderers," the statement said.

In April 2022, the FBI then observed a $120,000 payment into one of the flagged cryptocurrency accounts from a Colorado medical provider that had also been hacked with the Maui ransomware.


The next month, federal agents seized the contents of two crypto accounts that had received ransom payments from the healthcare providers, and the Justice Department began proceedings to recover the stolen money and return it to the victims.

"Reporting cyber incidents to law enforcement and cooperating with investigations not only protects the United States, it is also good business," Assistant Attorney General Matthew G. Olsen said. "The reimbursement to these victims of the ransom shows why it pays to work with law enforcement."

Earlier this month, a trio of U.S. government agencies publicized the threat from North Korean hackers targeting hospitals and other healthcare organizations in the United States with ransomware.

Washington also warned in April that North Korea was stepping up cyberattacks on cryptocurrency and blockchain platforms as the secretive regime looked for ways to evade international sanctions to fund its weapons programs.

The Pyongyang-affiliated Lazarus Group was behind the stunning theft of $620 million in cryptocurrency from an online video game network in March, the FBI concluded.

The Lazarus Group was also likely responsible for a $100 million heist last month from Horizon Bridge, a crypto transfer service operated by U.S.-based Harmony blockchain, according to a report by analytics firm Elliptic.


Researchers with Microsoft Threat Intelligence Center last week publicly identified another North Korean ransomware operation, called Holy Ghost, which has successfully compromised small businesses in multiple countries over the past year.
