FBI recovers ransomware payments paid out by hospitals

ID theft
(Image credit: Future)

The FBI has managed to track down, and retrieve, almost half a million dollars extorted from multiple American healthcare organizations in ransomware demands.

In its announcement, the U.S. Department of Justice (DoJ) described how when a hospital in Kansas was struck by the Maui ransomware in May 2021, it quickly notified law enforcement, which was a crucial move that eventually led not just to the retrieval of the funds, but to a lot more. 

The FBI said that timely disclosure helped to obtain, and analyze, a brand new malware strain, and eventually identify the perpetrators and return the money.

Obtaining a brand new ransomware strain

The Maui perpetrators were identified as a North Korean state-sponsored threat actor. 

The Kansas hospital had paid some $100,000 in cryptocurrencies in exchange for the decryption key, while another medical services provider in Colorado had paid $120,000 shortly after. 

Following the money helped the FBI identify an “undisclosed number” of additional payments, amounting up to $280,000, with the total amount seized in May 2022 amounting to some $500,000.

“Thanks to rapid reporting and cooperation from a victim, the FBI, and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui’,” explained Lisa O. Monaco, Deputy Attorney General.

“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain.”

Even though cryptocurrencies are often perceived as a great tool for cybercriminals, it’s actually a lot easier to track money going over the blockchain, compared to traditional finance. Blockchain’s very nature is pseudonymous, rather than anonymous, and once an identity is connected to a specific wallet, tracking the flows of money becomes a lot easier. 

The cryptocurrency industry does have its own money launderers, but as BleepingComputer reports, following the money laundering process after the ransom payment can help the police identify, and possibly arrest, the threat actors.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.