North Korean State-Sponsored Cyber Actors Use Ransomware to Target the HPH

Jul 6, 2022

Maui ransomware being used in HPH attacks

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA) with information about Maui ransomware, which North Korean state-sponsored cyber actors have used since May 2021 to target Healthcare and Public Health (HPH) Sector businesses.


This joint CSA includes tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) on Maui ransomware from FBI incident response actions and an industry study of a Maui sample. FBI, CISA, and Treasury encourage HPH Sector and other critical infrastructure organizations to adopt the advice in this CSA to prevent ransomware compromise. Maui ransomware victims should contact the FBI or CISA immediately.


FBI, CISA, and Treasury discourage paying ransoms, as payment does not ensure file recovery and may pose sanctions concerns. In September 2021, the Treasury revised its guidance on ransomware sanctions risks and updated the preemptive actions firms should take to reduce them. This update advises U.S. companies to implement and strengthen cybersecurity procedures and report ransomware attacks to authorities. When impacted parties take these proactive efforts,


CISA's North Korea Cyber Threat Overview and Advisories website has more on state-sponsored cyber activities.