[MART] - Daily Diary #547 - Maui Ransomware Targeting U.S. Healthcare

[CTAS-MAT]

Hello,
I hope everyone is doing well!

Below is the entry for today.

07/07/2022 - Daily Diary #547

This week CISA, FBI, and the Department of the Treasury in the U.S. released a joint advisory against Maui ransomware. Maui Ransomware is believed to be operated by a North Korean state-sponsored cybercrime group. According to the advisory, since May 2021, the group has been targeting U.S. Healthcare and Public Health organizations. Unlike most ransomware covered in our recent Daily Diaries, Maui is not offered as a service.

When encrypting the files, the ransomware uses the popular RSA + AES combination, seen in many of our Daily Diaries. As an additional security layer, the RSA is encrypted using another hard-coded RSA public key, unique for each campaign.

This is not the first time we covered healthcare being targeted by ransomware attacks. Being a sensitive kind of organisation, it's very profitable for ransomware attackers. We highly recommend all critical organizations to implement strict security measures, following the Zero Trust mindset to minimize the impacts of cybersecurity incidents.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Manager, MART
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220707/83e1c19f/attachment.htm>