Federal Agencies Issue Alert Regarding Maui Ransomware | Foley Hoag LLP – Security, Privacy and Law


On July 7, 2022, three federal agencies — the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Treasury Department — issued a joint alert regarding Maui Ransomware, which has been linked to ransomware attacks against healthcare and public health entities carried out by North Korean state-sponsored cyber actors.

Here are the main recommendations of the alert:

  • Since at least May 2021, the FBI has noted several ransomware incidents involving the Maui ransomware in the healthcare and public health sector, targeting health records, diagnostic services, imaging services, and intranet services .
  • The agencies are also encouraging healthcare and public health facilities to take steps to prepare for ransomware:
    • Maintain offline backups and test these backups regularly.
    • Create, maintain and test cyber incident response plans and associated communications.
    • Secure personally identifiable information and personal health information at collection points and encrypt such data at rest and in transit, in accordance with HIPAA requirements.
    • Monitor mobile devices and the Internet of Things (“IoT”) or “smart” devices that behave erratically.
    • Create and regularly review internal policies regarding the collection, storage, access and monitoring of personally identifiable information and personal health information.
    • Deploy public key infrastructure and digital certificates to authenticate connections to network, IoT devices, and electronic health record systems.
  • Healthcare and public health facilities are also encouraged to follow best practices to prevent ransomware:
    • Secure and monitor Remote Desktop Protocol and similar services.
    • Implement user training on phishing and similar topics.
    • Use multi-factor authentication, especially for remote access, webmail, VPNs, critical systems, and systems that manage backups.
    • Use strong passwords and avoid reusing passwords for multiple accounts.
    • Require administrator credentials to install software.
    • Audit user accounts with administrative or elevated privileges.
    • Install and regularly update anti-virus and anti-malware software.
    • Avoid using public Wi-Fi networks.
    • Use an email banner to note messages from outside the organization.
    • Disable hyperlinks in received emails.

The agencies discourage affected entities from paying ransoms associated with Maui ransomware for two reasons: (1) it has traditionally not guaranteed recovery of affected data, and (2) pursuant to a September 2021 settlement. advisory from the Treasury Department, due to the existing sanctions against North Korea, it is possible that the payment of ransoms poses sanctions risks. Foley Hoag has published two prior alerts on the risks of sanctions posed by ransomware payments.

The agencies, however, encourage all relevant entities to report ransomware incidents to federal authorities to help agencies track and respond to such incidents.


Comments are closed.