The Federal Bureau of Investigation (FBI), Cybersecurity & Infrastructure Security Agency (CISA), and the U.S. Department of the Treasury have released a joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware. They believe North Korean state-sponsored cyber actors have used Maui ransomware since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
Maui ransomware uses a hybrid encryption approach to render a victim’s files unusable. It is designed for manual execution by the threat actor, which lets its operators specify which files to encrypt and target the most important assets on a network.
The updated CSA strongly discourages paying ransoms, as payment does not guarantee that files will be recovered and may pose sanctions risks. The CSA encourages entities to adopt and improve cybersecurity practices and to report ransomware attacks to law enforcement.
To ensure appropriate oversight activities, we’ve identified five key steps to incorporate into your risk management plans: