The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury issued a “white” joint cybersecurity advisory warning of ransomware threats against the U.S. health care and public sectors. The bureau said the threat stems from the North Korean state-sponsored “Maui” ransomware platform, which has been in use by cyber actors since at least May 2021. The FBI, jointly with the CISA and the Department of the Treasury, released resources, tactics, techniques and procedures, along with indicators of compromised systems, with the recommendation that organizations apply mitigation strategies and not pay ransom demands.
To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office here or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov.
