The FBI, CISA, and the U.S. Treasury Department have issued a joint advisory warning that North Korean state-sponsored threat actors are using the Maui ransomware to attack healthcare and public health organizations across the U.S.
What’s at risk?
The FBI responded to Maui ransomware attacks in May 2021 and identified multiple Maui incidents affecting the Healthcare and Public Health (HPH) sector.
According to the federal agencies, the Maui ransomware encrypts servers that back healthcare-related intranet services, diagnostic services, electronic health record services, and imaging services.
These attacks disrupted the services provided by HPH sector organizations for extended periods.
The initial access vector for the incidents is still unknown.
How is the malware deployed?
According to threat analysis, Maui ransomware is operated manually on compromised networks: remote operators choose which files to encrypt rather than relying on automated, network-wide encryption.
Unlike most other ransomware strains, Maui leaves no ransom note on victims' encrypted systems, so there are no embedded instructions for data recovery or payment.
How to protect the HPH sector?
The three U.S. federal agencies have published the indicators of compromise (IOCs) the FBI collected while investigating the Maui ransomware attacks, along with mitigation guidance.
The agencies recommend that organizations in the sector apply a set of controls that can help thwart ransomware threats.
Keep antivirus and antimalware software up to date on all systems, and enable and enforce multi-factor authentication across the organization.
Network defenders should train users to recognize and report phishing attempts.
Conclusion
Threat actors target healthcare institutions because they provide essential services and are therefore assumed to be more likely to pay to restore operations quickly. Organizations in the HPH sector can refer to the Department of the Treasury's guidance on the sanctions risk associated with making ransomware payments.