North Korean Maui ransomware actively targeting U.S. healthcare organisations

According to the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury, North Korean state-sponsored ransomware operators have been running a campaign actively targeting U.S. healthcare organizations since at least May 2021.

The ransomware stood out due to a lack of certain vital features widely associated with ransomware-as-a-service (RaaS) groups. Furthermore, the authorities have pointed out that North Korea used Maui ransomware to encrypt servers responsible for imaging, intranet, electronic health records, and diagnostics services. In some cases, the Maui ransomware has been found to have disrupted the services provided by U.S. healthcare organizations for prolonged periods.

It is believed that state-sponsored cybercriminals are likely to continue targeting U.S. health organizations. In fact, cybercriminals assume that U.S. organizations may be willing to pay high ransoms due to the critical services they provide to health and human life. Hackers behind Maui ransomware made at least $731 million last year, according to the cybersecurity company Chainalysis.

To minimize and mitigate the potential damage, HPH Sector organizations are urged to find and implement various practices, such as:

Limit access to data using digital certificates
Minimize the use of the administrative account
Turn off network device management interfaces.

Overview of the Maui Ransomware

Analysis of Maui samples has suggested that the malware was designed for manual execution via a command-line interface. Maui encrypts target-specific files with AES 128-bit encryption, each with a unique key. Each of these keys is in turn encrypted with RSA, using a key pair generated the first time Maui is executed. Moreover, the RSA keys are encrypted using hard-coded RSA public keys (unique for every campaign).

Interestingly, what makes Maui stand out from the crowd is that it is not provided as a service to other affiliates in return for a share of financial profits. Instead, the campaign depends on the willingness of U.S. healthcare entities to pay serious money so they can immediately recover from a cyber attack and ensure uninterrupted access to critical services.

Sophos’ State of Ransomware in Healthcare 2022 report showed that about 61% of U.S. healthcare entities surveyed have chosen to settle, compared with the 46% global average. However, only 2% of those who paid the ransom last year received their complete data back. It’s worth noting how North Korean adversaries have adapted new illegal tactics to generate a constant revenue stream for the cash-strapped country.

Unfortunately, such nation-state-sponsored ransomware attacks are likely to become typical international acts of aggression, with North Korea showing high interest in targeting various industries, such as healthcare, to fund its nuclear weapons program.

A report by Zscaler shows that attacks on the healthcare sector have significantly increased. Double extortion ransomware attacks have increased by a staggering 650% over 2021. With approximately 90% of web applications being critically exposed and highly susceptible to vulnerabilities, U.S. healthcare organizations present a larger attack surface than E.U. organizations.

How to Practice Cybersecurity?

Truth be told, any company can fall victim to a cyber attack. Most reports of cyber crimes come from educational and healthcare institutions, banks, government organizations, law firms, or nonprofits.

Cybersecurity isn’t just about one firewall issue on a single computer but about getting a better perspective on what’s happening in the IT world. Practicing cybersecurity starts with security teams reconsidering how they handle threats. Rather than just isolating a single cyber attack, they spend time searching for signs of a full-blown attack. Companies essentially zoom out for a bigger perspective, detecting and stopping adversaries once they make their way into an organization.

Cyber Security Best Practices

While it may be challenging to stay protected from cyberattacks, it’s not impossible. Here’s what you should do:

Ensure your software is up-to-date to protect yourself from new or potential security vulnerabilities;
Use a VPN on any operating system to ensure a more secure and private network. A virtual private network will encrypt your connection and protect your data and confidential information, even from your ISP;
Disable your Bluetooth when you do not need it, as devices can be hacked via Bluetooth;
Enable 2-factor authentication;
Double-check that a website uses HTTPS;
Back up important files;
Avoid using public networks;
Invest as much as possible in security upgrades;
Install an SSL certificate on your website and enable HTTPS;
Do not store important information in non-secure places;
Change your passwords regularly or put more effort into creating them;
Use antivirus;
Do not open suspicious emails;
Stay informed about cyber threats;
Extend your cybersecurity practice to your entire company;
Update your applications and plugins regularly.

Bottom Line

Cybersecurity is an ever-changing and developing field that requires keeping up to speed and learning new skills. As attacks have increased significantly, implementing modern cyber security is a crucial step for all organizations and companies looking to protect themselves from cyber threats. Keep cybersecurity top of mind at all times, so you can easily protect yourself, your business, your employees, and your website from the constant threat of cybercriminals.


Copyright © 2022 Respect Investment. All Rights Reserved.