The U.S. Department of Justice (DOJ) has seized $500K in ransom payments and cryptocurrency from a state-sponsored North Korean group. “We are returning the stolen funds to the victims,” Deputy Attorney General Lisa O. Monaco said, adding that the seized funds include ransoms paid by health care providers in Kansas and Colorado.
The U.S. Department of Justice (DOJ) announced Tuesday that it has seized and forfeited approximately $500K from North Korean ransomware actors and their conspirators. The department added that it has filed a complaint “in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.”
The DOJ stated:
“In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms paid by health care providers in Kansas and Colorado.”
Deputy Attorney General Lisa O. Monaco reiterated Tuesday at the International Conference on Cyber Security 2022, “We seized approximately half a million dollars in ransom payments and cryptocurrency used to launder those payments.” She added: “Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui.’”
Last year, the North Korean group encrypted a Kansas medical center’s servers used to “store critical data and operate key equipment,” Monaco detailed. The attackers demanded ransom, which the hospital paid.
The FBI and Justice Department prosecutors traced the ransom payment through the blockchain. “The FBI identified China-based money launderers — the type who regularly assist North Koreans in ‘cashing out’ ransom payments into fiat currency,” the deputy attorney general detailed. “Additional blockchain analysis revealed that these same accounts contained other ransom payments. The FBI traced those to another medical provider in Colorado and potential overseas victims.”
“Today, we have made public the seizure of those ransom payments, and we are returning the stolen funds to the victims.”
In October last year, Monaco announced the creation of a National Cryptocurrency Enforcement Team (NCET). The aim of the initiative is “to tackle complex investigations and prosecutions of criminal misuses of cryptocurrency, particularly crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors,” the DOJ described. “The team will also assist in tracing and recovery of assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.”