A lesser-known ransomware threat dubbed Maui has been hitting healthcare organizations and is likely to continue doing so, a new CISA alert warns.
Maui is unusual in many ways: it does not show a ransom note, it does not rely upon external infrastructure to receive encryption keys, and it does not encrypt files and/or systems indiscriminately. Instead, its operators – believed to be North Korean state-sponsored cyber actors – operate it manually and choose what to encrypt.
In the Maui ransomware incidents the FBI has responded to since May 2021, the attackers primarily encrypted servers responsible for healthcare services (electronic health records, diagnostics, imaging, and intranet). “In some cases, these incidents disrupted the services provided by the targeted Healthcare and Public Health (HPH) Sector organizations for prolonged periods,” CISA explained.