
Two North Korean ransomware operators and their associates were found to be in possession of about $500K, according to a Tuesday announcement from the U.S. Department of Justice (DOJ). The department further said that it had filed a complaint in the District of Kansas to forfeit cryptocurrency that was used to pay ransom to North Korean hackers or to otherwise launder such ransom payments.
The servers used to “hold crucial data and operate key equipment” at a Kansas medical institution were encrypted by the North Korean outfit last year, according to Deputy Attorney General Lisa O. Monaco. The hospital paid the ransom that the attackers demanded.
FBI and Justice Department prosecutors used blockchain analysis to trace the ransom payment. The deputy attorney general explained, “The FBI identified China-based money launderers—the kind that often assist North Koreans in ‘cashing out’ extortion payments into fiat currency. Additional blockchain analysis revealed that these same accounts contained other ransom payments. The FBI traced those to another medical provider in Colorado and potential overseas victims.”
At the International Conference on Cyber Security 2022, Deputy Attorney General Lisa O. Monaco reaffirmed that “We seized roughly half a million dollars in ransom payments and cryptocurrency used to launder those payments.” “The FBI and Justice Department prosecutors have prevented the activities of a North Korean state-sponsored gang spreading ransomware known as ‘Maui,’” she continued. “Thanks to rapid reporting and cooperation from a victim.”
“Today, we have made public the seizure of those ransom payments, and we are returning the stolen funds to the victims.”
Monaco announced the formation of a National Cryptocurrency Enforcement Team (NCET) in October of last year. The initiative’s goal, according to the DOJ, is to “tackle complex investigations and prosecutions of illegal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure operators.” “The team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.”