Two healthcare companies — one in Kansas and another in Colorado — are about to have about $500,000 in combined ransomware payments returned, after the Department of Justice was able to follow a cryptocurrency trail back to Maui operators and seize the extorted funds.
The Federal Bureau of Investigation seized the Maui-connected cryptocurrency accounts back in May and is now working through the courts with the Department of Justice to return the money to its victims. Maui is a strain of ransomware with ties to the North Korean state that focuses its crippling cyberattacks on healthcare and public health organizations.
The returned ransom success story is meant to serve as a signal to other targeted organizations that working with law enforcement following a cybersecurity incident is "good business," Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division said in a statement about the court filing.
"The FBI is dedicated to working with our federal and private sector partners to disrupt nation-state actors who pose a critical cyber-threat to the American people,” FBI Cyber Division Assistant Director Bryan Vorndran said about the recovered Maui ransomware payments. "We will continue to pursue these malicious cyber-actors, such as these North Korean hackers, who threaten the American public regardless of where they may be and work to successfully retrieve ransom payments where possible."