July 21, 2022

The U.S. Department of Justice has seized US$500,000 worth of Bitcoin from suspected North Korean hackers.

According to Deputy Attorney General Lisa O. Monaco, the successful recovery of funds was made possible thanks to a swift report to the FBI from an unnamed Kansas hospital.

Court documents say the Kansas hospital was unable to access its IT systems for a week after hackers used the ransomware strain called Maul to encrypt its files and servers.

Although the hospital paid US$100,000 in Bitcoin to recover its systems, the incident and payment was reported to the FBI. The FBI was able to identify the ransomware linked to North Korea and trace the cryptocurrency to China-based money launderers.

In addition to the US$100,000 recovered, another US$120,000 Bitcoin payment was made to the criminal cryptocurrency accounts, and the FBI identified the second victim as another Colorado medical provider.

Although the process of seizing and retrieving funds remain unknown, the FBI said it had returned the money to the two healthcare providers. Details of the remaining funds remain unknown.

Deputy Attorney General Monaco commended the hospital for reporting the incident.

“Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,” she said.

The sources for this piece include an article in BBC.