The United States is issuing a warning through the FBI about the Maui virus, a ransomware that comes from North Korea and that attacks servers of clinics and medical institutions.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services, including electronic health record services, diagnostic services, imaging services, and intranet services,” the federal agencies revealed.
“In some cases, these incidents disrupted services provided by targeted HPH Sector organizations for extended periods. The initial access vector for these incidents is unknown,” adds the federal police.
According to a written threat report Per Stairwell lead reverse engineer Silas Cutler, the Maui ransomware is manually deployed on compromised victims’ networks, with remote operators targeting specific files they wish to encrypt.
At a minimum, network defenders are advised to train users to detect and report phishing attempts, enable and enforce multi-factor authentication in their organizations, and keep anti-virus and anti-malware software up to date on all hosts.
“FBI Assesses North Korean State-Sponsored Cyber Actors Have Deployed Maui Ransomware Against Healthcare and Public Health Sector Organizations,” add joint notice.