North Korean hackers are reportedly targeting healthcare facilities with ransomware attacks to fund their operations. A joint advisory from U.S. and South Korean cybersecurity and intelligence agencies has warned about the state-backed ransomware attacks that demand cryptocurrency ransoms in exchange for encrypted files. The purpose of these attacks is to support North Korea’s national-level priorities, including cyber operations targeting the U.S. and South Korean governments.
Threat actors from North Korea have a long history of conducting cyber attacks, including the infamous WannaCry ransomware attacks in 2017 that impacted hundreds of thousands of machines worldwide. Since then, North Korean nation-state hackers have used multiple ransomware strains such as VHD, Maui, and H0lyGh0st to generate illegal revenues for their sanctions-hit regime.
In their latest ransomware attacks, the North Korean hackers are using techniques such as exploiting known security flaws, using off-the-shelf tools for encrypting files, and even impersonating other ransomware groups. One of the methods used to distribute the malware is via a trojanized file of a messenger app called X-Popup in attacks targeting small and medium-size hospitals in South Korea.
To mitigate these threats, the agencies have recommended organizations to implement the principle of least privilege, enforce multi-layer network segmentation, and maintain periodic data backups, among other security measures.
A recent report from the United Nations found that North Korean hackers stole virtual assets worth between $630 million and over $1 billion in 2022. The report highlighted that the threat actors used increasingly sophisticated techniques to gain access to digital networks and steal valuable information that could be useful in North Korea’s nuclear and ballistic missile programs.
It is crucial for healthcare organizations and critical infrastructure facilities to be vigilant and proactive in protecting themselves from these ransomware attacks. By following the recommended security measures and keeping their systems updated, organizations can greatly reduce the risk of becoming a victim of these malicious actors.