North Korean Government Hackers Hit US Health Services with Ransomware

Colin Thierry, Writer

The FBI and other US agencies warned that North Korean government-backed hackers targeted multiple health organizations with ransomware attacks in 2021. These attacks caused disruptions in health services for “prolonged periods,” according to the agencies.

The North Korean hackers used ransomware to encrypt computer systems hosting electronic health records and diagnostics and imaging services, the FBI, Department of Treasury, and US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory urging health care organizations to strengthen their cybersecurity measures.

In June, FBI Director Christopher Wray blamed Iranian government-backed hackers for a “despicable” cyberattack on Boston Children’s Hospital in 2021, which Tehran denied. While no ransomware was deployed in that case, Iranian hackers were the subject of another US advisory on ransomware in the health sector in November.

Additionally, in the fall of 2020, there was a wave of ransomware attacks on US hospitals from Russian-speaking cybercriminals. This included one incident in Oct. 2020 that forced the University of Vermont to delay chemotherapy appointments.

In their advisory, the US agencies did not list the names of the organizations that fell victim to the North Korean hackers.

The Health Information Sharing and Analysis Center, a cyber threat sharing group for large health care providers around the world, did not identify any of its members as victims, according to Errol Weiss, the group’s chief security officer.

“I would imagine the victims were smaller organizations and not prepared to handle a ransomware attack,” Weiss told reporters.

Silas Cutler, a cybersecurity specialist who analyzed the ransomware and contributed to the federal advisory, said the malicious code is “manually” operated. This means that the attackers could choose which computer files they wanted to encrypt.

“A key open question for us has been: How does the attacker deliver ransom notes to impacted parties?” Cutler, principal reverse engineer at cybersecurity firm Stairwell, told reporters. The federal advisory will hopefully reveal more information from victims and provide cybersecurity experts with a clearer picture of the hackers’ operations, Cutler added.

The US government accused North Korea of developing the so-called WannaCry ransomware in 2017, which spread to more than 200,000 machines in 150 countries. This ransomware incident cost Britain’s National Health Service more than $100 million.

“Among its peers, North Korea is unique in their deep, active involvement in cybercrime,” said John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant. “Unlike other countries who may contract and bargain with domestic criminals, the North Korean state carries out cybercrime directly, against targets all over the globe.”

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.