Since these organizations offer critical services, the advisory noted detection techniques and mitigation measures to avoid falling prey to Maui, a North Korean APT that demands hefty ransoms after locking down its healthcare targets.
Targeting Healthcare Providers
Warning that such attacks will continue, the advisory listed indicators of compromise and the techniques the Maui group uses to exploit target organizations.
When it strikes, the Maui group locks up the healthcare provider's electronic health records services, imaging services, diagnostics services, intranet services, etc., making the whole infrastructure useless for some time.
Holding the data and systems for a prolonged period forces the victimized organization's management to pay the ransom as soon as possible, considering the sensitive services they provide to the public.
Yet the agencies discourage healthcare organizations from paying the ransom, since paying doesn't ensure that the threat actors will give away the keys or that they won't blackmail the victims again later. To avoid all of this, the advisory mentioned mitigation techniques to follow to stay secure.
These include regularly installing software updates, maintaining offline data backups, and preparing a basic cyber incident response plan for when an unexpected event occurs.