WICHITA, Kan. (KSNW) – A North Korean man, Rim Jong Hyok, is being formally accused of participating in ransomware attacks on American hospitals , including one in Kansas.
Federal prosecutors announced Thursday that the man worked for one of North Korea’s military intelligence agencies.
The case began to unfold in May 2021, when hackers gained access to a Kansas hospital’s computer system using a previously unknown malware tool called Maui.
The tool encrypted four of that hospital’s computer servers, affecting medical services and patient appointments. Authorities have declined to disclose what hospital was attacked, saying they don’t want to damage its reputation.
The hackers left a ransom note demanding payment from the hospital to restore access to the servers. The note read in part:
“If you want to restore your files, you will need to make the payment. Otherwise, all your files will be posted in the internet, which may lead to loss of reputation and cause the troubles for your business.”
North Korean charged in ransomware attacks on American hospitals, including 1 in Kansas It also read:
“Please do not waste your time! You have only 48 hours! After that, the main server will double your price.”
The hospital paid the ransom and contacted the Federal Bureau of Investigation soon after.
“Because of this early engagement and the hospital’s ongoing cooperation with the FBI, the FBI was able to ID a cryptocurrency account linked to the scheme,” said Katie Brubacher, U.S. Attorney for the District of Kansas.
Brubacher said the government has forfeited those funds and is returning them to the Kansas hospital, but it was just one of several facilities across multiple states that fell victim to attacks from Hyok. Prosecutors said Hyok likely didn’t act alone.
The crimes were allegedly perpetrated as part of a group affiliated with the North Korean government.
The group is accused of targeting U.S. hospitals and public health providers and holding their data ransom for money. They allegedly used payouts from those entities to conduct other attacks, this time on companies that provide military weapons systems to the U.S.
“North Korea continues to carry out these sophisticated intrusions targeting the U.S. as a way to fund their military programs, thereby threatening the U.S. and other countries in the region,” said Stephen Cyrus, Special Agent in Charge at the Kansas City FBI field office.
In total, the Department of Justice says 17 victims were targeted in the hacking campaign.
Hospital providers in Arkansas, Florida, and Colorado, as well as a healthcare advocacy group in Connecticut, were also victims.
According to the FBI, over the past five years, ransomware and associated cyber incidents have cost U.S. companies tens of billions of dollars in losses.
The FBI is encouraging organizations to build a relationship with their local office and notify the FBI immediately if they experience a cybersecurity breach.
The U.S. Department of State is also offering a reward of up to $10 million for information on the man or his organizations. More information on that can be found here .
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. For the latest news, weather, sports, and streaming video, head to KSN-TV.
Most Popular
Comments / 0