FBI Recovers $500,000 From Maui Ransomware; Payments Made by Healthcare Organization

The Maui ransomware strain’s programmers sought bitcoin payments from American healthcare facilities, according to a pronouncement from the U.S. Department of Justice.

The FBI and CISA highlighted Maui at the beginning of this month as a novel botnet campaign orchestrated by North Korea that used encrypted operational processes to blackmail western firms.

The specific ransomware operation showed a preference for targeting healthcare and public health organizations and resulting in life-threatening service interruptions.

According to the DoJ release, the FBI received a security incident report from a Kansas hospital, which led to the identification of the new strain. In May 2021, the Kansas hospital paid the Maui ransomware group around $100,000 to repair its IT network after a hack that encrypted its patient records.

Law enforcement soon after was able to track another payment of $120,000 from a medical provider in Colorado as a result of their prompt reporting of the occurrence to the FBI. In May 2022, these two transfers together with an unspecified number of other payments totaling $280,000 were finally confiscated, making the total amount recovered just over US$500,000.

This instance serves as an example of the significance of immediately notifying law enforcement of ransomware events so that signs of intrusion can be investigated and payments can be more readily tracked. Law enforcement officials can also identify threat actors, file charges against them, and occasionally arrest them if they follow the money