North Korean hacker indicted for ransomware attacks on U.S. hospitals

A North Korean government hacker has been charged for his involvement in a series of ransomware attacks that crippled healthcare infrastructure across the United States. The U.S. is offering a reward for any information that could lead to his capture.

 

What happened

Rim Jong Hyok, a member of the notorious North Korean hacking group Andariel (also known as APT45), has been indicted by a U.S. grand jury for his role in orchestrating a string of ransomware assaults on American hospitals and healthcare organizations. These attacks, which spanned from May 2021 to April 2023, disrupted medical services and put countless lives at risk.

The indictment alleges that Hyok and his co-conspirators gained unauthorized access to the targeted networks, installed the Maui ransomware, and attempted to extort hefty ransoms from the victims. The funds obtained through these illicit activities were then funneled into financing further malicious cyber operations targeting U.S. government entities and defense contractors.

 

Going deeper

Andariel, the hacking group Hyok is affiliated with, has been active since at least 2009 and is known for its espionage and data theft activities, particularly targeting military and government personnel. However, the group has also engaged in financially motivated ransomware attacks to generate funds for its ongoing cyber campaigns.

In the attacks on U.S. healthcare providers, Maui ransomware encryption disrupted important medical services, including medical testing and electronic medical record systems. In one such attack in 2021, a Kansas hospital paid a $100,000 ransom to recover the stolen data.

 

What was said

"Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said FBI Deputy Director Paul Abbate. "These unacceptable and unlawful actions placed innocent lives at risk. The FBI and our partners will leverage every tool available to neutralize criminal actors and protect American citizens."

 

Why it matters

The indictment of Rim Jong Hyok and the ongoing efforts to put an end to the activities of the Andariel hacking group are steps toward safeguarding the integrity of healthcare infrastructure in the United States. These ransomware attacks put patient lives at risk and undermine the ability of healthcare providers to deliver necessary services.

 

FAQs

Who is Rim Jong Hyok, and what is his role in the ransomware attacks? 

Rim Jong Hyok is a member of the North Korean hacking group Andariel (APT45). He has been indicted by a U.S. grand jury for his involvement in orchestrating a series of ransomware attacks on U.S. hospitals and healthcare organizations between May 2021 and April 2023.

 

What is the U.S. government's response to these attacks? 

The U.S. government, through the FBI, Department of Justice, and other agencies, has vowed to relentlessly pursue and hold accountable the perpetrators of these attacks. The indictment of Rim Jong Hyok and the offer of a $10 million reward for information leading to his capture are part of these efforts to end the activities of the Andariel hacking group.

 

What is the broader significance of these ransomware attacks and the indictment of Rim Jong Hyok? 

That these ransomware attacks were orchestrated by a North Korean state-sponsored actor shows the geopolitical implications of the situation. The U.S. government's determination to hold Hyok and his co-conspirators accountable sends a strong message that such cyber activities will not be tolerated and that the perpetrators will face severe consequences.