Maui Ransomware Has Hit Several Targets Since March 2021

Many cases have been linked to North Korean state-sponsored threat actors. Who first noticed this attack, and how many victims did it claim? Before moving to the main story, here is what Maui ransomware is and how it attacks systems.

Ransomware and its functioning

Ransomware is customized malicious software specially designed to block access to a personal computer system. Cybercriminals use this malware to extract money from victims. When the victim asks for the decryption key, the attacker demands a ransom in exchange. Now let's see what exactly happened in this case.

May, 2021

The attacker used Maui ransomware against the servers of a medical center in the District of Kansas. To get a decryptor from the adversary and recover the encrypted files, the Kansas hospital needed to pay approximately $100,000 worth of Bitcoin as ransom.

Just after that, the FBI received a notification from the Kansas medical center, which helped in investigating the incident. The FBI was able to identify the previously unknown Maui ransomware and to trace the amount paid to China-based money launderers.

The attack took place in May 2021 and involved victims in:

  • Healthcare and Public Health Sector Organizations (HPH)

Government experts have seen several cases in which Maui ransomware was used.

April, 2022

The Kansas hospital cooperated with the FBI. Because of this cooperation, payment records were found relating to $120,000 in Bitcoin. Those payments had been received by the seized cryptocurrency accounts. Maui ransomware was involved in this case too, which victimized a medical provider in Colorado; the FBI confirmed this.

May, 2022

The FBI filed a sealed seizure warrant in May 2022. The warrant was filed because approximately half a million dollars was involved. Health care providers in Kansas and Colorado were the victims affected by this event of millions of dollars. It was a case of ransom.

Just after the victimization of the Kansas and Colorado health care providers, the FBI seized both cryptocurrency accounts involved. These accounts had been used to receive the payments from the victims.

After that, the process of forfeiting the funds was started in order to return the money to the victims. This process was conducted by the District of Kansas.

July 2022

“The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.

A few days ago, a committee was issued by the trio of

  1. FBI
  2. CISA
  3. U.S. Treasury Department

This committee was formed to alert Organizations in the Healthcare Sector about the Maui Ransomware attacks used by North Korea-Linked Attackers. Moreover, this malware has been in use since May 2021 to target Healthcare and Public Health (HPH) Sector organizations.”

Assistant Attorney General Matthew G. Olsen, National Security Division, Justice Department

Reporting such events to law enforcement and helping with the investigation protects the United States. Receiving the ransom amount back proves that it is worth it to cooperate with law enforcement.

Report | Maui Ransomware

This report contains data about the tactics, techniques, and procedures (TTPs) of the attackers using the ransomware. It also provides data on indicators of compromise (IOCs). Government experts obtained this data during incident response activities and industry analysis of a Maui sample.

North Korean nation-state actors used this ransomware to encrypt servers offering health care services such as:

  • Electronic Healthcare Records Services
  • Diagnostics Services
  • Imaging Services
  • Intranet Services

It was confirmed that the services offered by HPH sector organizations were disrupted by this attack. The report served as evidence of this. The disruption was also not limited to a single case; it affected several others.

Analysis indicated that this malware had the appearance of human-operated ransomware. So it was confirmed that someone was operating this malware in the victims' systems to get full access to their databases.


With the whole picture in front of you, you may have an idea of how dangerous malware can become when it is backed by unethical hackers. To assess the severity of a malware attack, you can learn how to do malware analysis.

If anyone tries to send you malware or plant it on your system, you can have the techniques and tools to find out where it is. Nothing is impossible if you have the gall to do it. Several institutes offer courses for learning malware analysis.

However, contacting Bytecode India can offer you the best opportunity to learn malware analysis from trainers proficient in their specific fields. Moreover, the option of attending online sessions can be worthwhile.

Bytecode has been offering a Malware Analysis Course after 12th to students for a long time. You can be one of those students who surpass their abilities and make their dreams come true. What are you waiting for? Enroll now!
