A hacker held a Kansas hospital hostage for ransom. The FBI claims that blockchain analysis was able to recover the stolen crypto. Last year, the FBI and U.S. Justice Department stopped North Korean state-sponsored hackers from trying to cripple an American hospital. They also seized $500,000 in cryptocurrency and ransom payments.
The DOJ’s Deputy Attorney General Lisa O. Monaco said in a statement on Tuesday that a North Korean group had hacked the Kansas hospital system in 2021. They demanded a ransom and threatened to shut down the center’s servers.
According to the statement, hospital staff paid the ransom after the cyber criminals threatened to double it within 48 hours. The DOJ statement didn’t specify whether the ransom payment was made in cryptocurrency.
Monaco stated today at the International Conference on Cyber Security 2022 in New York, “In that moment the hospital’s leaders faced an impossible choice–give up to the ransom demand of the nurses and doctors to provide critical care.” She added that they also notified the FBI, which was the right decision for them and future victims.
The hermit kingdom’s state-sponsored hackers are often up to no good. A January report revealed that North Korean hackers took $400 million in Bitcoin and Ethereum last year. In April, the U.S. government issued a cybersecurity advisory about North Korean illicit activity within the crypto space.
Monaco stated that FBI and DOJ prosecutors were able to trace the hackers’ actions and, through analysis of public blockchain data, discovered where the thieves kept the stolen money: in the accounts of China-based money launderers, who help North Korean hackers convert crypto to cash.
U.S. authorities used the same tactics to recover the Bitcoin stolen in the 2021 Colonial Pipeline attack, Monaco noted.
They also found ransom payments from another hospital, in Colorado, and stolen cryptocurrency totaling half a billion dollars. Although the DOJ didn’t specify which cryptocurrency the hackers had stored away, ransomware attackers typically collect either crypto or a privacy currency like Monero.
Monaco said that authorities took the assets a few weeks ago. She stated that the authorities had made the seizure public and returned the ransom money to the victims.