Joe Tidy is a cyber journalist.

[Image: Deputy Attorney General Lisa O. Monaco. Source: Getty Images. Caption: Deputy Attorney General Lisa O. Monaco says the Department of Justice is attacking malicious cyber-activity from all angles]

The US Department of Justice seized half a million dollars from suspected North Korean hackers.

The hackers had attacked healthcare providers with a new strain of ransomware.

US authorities have already returned some of the ransom money that was paid.

As US authorities warn that North Korea is becoming a major threat, a rare successful seizure has taken place.

The deputy attorney general praised a Kansas hospital for alerting the FBI about the attack.

She said that this allowed them to recover their ransom payment as well as a ransom paid by previously unknown victims.

The files and servers of a medical centre in Kansas were hacked in May 2021.

In a ransomware attack, users are usually locked out of the system until a payment is made.

[Media: How does it work, and what is it called?]

After a week without access to its IT systems, the Kansas hospital decided to pay $100,000 in Bitcoin to get its computers and equipment working again.

It is not illegal to pay a hacker's ransom, but it is discouraged by law enforcement.

The FBI says it was immediately notified of the payment by the medical centre and was able to identify the never-before-seen ransomware linked to North Korea and trace the currency to China.

Agents identified a $120,000 payment into one of the criminal accounts. It turned out to have come from a medical provider in Colorado which had just paid a ransom after being hacked by the Maui ransomware criminals.

The FBI said it returned the money to the two healthcare providers, but did not say where the rest of the seized money came from.

It is not known how the FBI was able to seize the funds, but Tom Robinson, founder and chief scientist of Elliptic, said the seizure may have come about as the hackers tried to exchange their Bitcoins for traditional currency.

It is likely that the investigators were able to identify the exchange to which the money would have been sent in order to cash out. Exchanges can be compelled to seize their customers' funds.

[Image: Police conducting a raid. Source: Europol. Caption: Seizing stolen cryptocurrency usually involves arresting cyber-criminals to gain access to their digital wallets]

There is also a chance that the money was seized from a wallet holding the laundered funds. This is more difficult, as it requires access to the wallet's private key, which acts like a password granting control of the wallet.

In countries like North Korea and Russia, where law enforcement agencies do not co-operate with Western requests for assistance, US authorities are using new tactics to claw back extorted funds from cyber-criminals.

Jen Ellis, from cyber-security firm Rapid7, says that these seizures are very rare and that this one highlights the value of quickly reporting cyber-extortion incidents.

The more information authorities have on attacker groups' tactics, techniques and procedures, the more likely they are to be able to disrupt, deter and respond to attacks.

The US recovered most of the money paid to a cyber-criminal gang in June last year.

The US clawed back $6m from the REvil gang in November of 2011.

For a long time, North Korea has been accused of directing hacks aimed at making money for the state.

The Lazarus Group of hackers has been accused of trying to take $1 billion from a Bangladesh bank.

Last month the US cyber-authorities issued a warning about North Korean hackers launching attacks against US hospitals, a group otherwise linked to lucrative attacks on cryptocurrency.

The authorities did not provide evidence that North Korea was behind the attacks, but the assessment stated that the Maui ransomware had been used by North Korean state-sponsored cyber-actors to target healthcare organisations.
