The FBI seizes $500,000 in crypto and ransom money from North Korean hackers
by Arthur · July 19, 2022
Last year, the FBI and the US Department of Justice prevented attempts by North Korean state-sponsored hackers to paralyze a US hospital – seizing $500,000 in cryptocurrency and ransom money in the process.
In a Tuesday statement, DOJ’s Deputy State Attorney Lisa O. Monaco said the North Korean group hacked a hospital in Kansas in 2021 and demanded ransom, threatening to paralyze the center’s servers if their demands were not met.
The hospital’s employees paid the ransom after the cybercriminals threatened to double the amount within 48 hours, the statement said. The DOJ statement did not specify whether the ransom was paid in cryptocurrency.
“At that moment, the hospital’s management was faced with an impossible choice – give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care,” Monaco said today at the International Cyber Security Conference (ICCS) 2022 in New York. “But they also alerted the FBI, which was the right thing to do for themselves and for future victims,” she added.
State-sponsored hackers from the hermit kingdom are regularly up to no good: a January report found North Korean hackers stole $400 million in Bitcoin and Ethereum last year. And in April, the US government released a cybersecurity advisory on North Korean illegal activity in the crypto space.
Monaco’s statement added that the FBI and DOJ prosecutors were able to track the hackers’ actions and, by analyzing public blockchain data, found where the criminals kept the stolen funds: in the accounts of China-based money launderers who regularly help North Korean hackers turn crypto into cash.
US authorities used the same tactics as when they recovered Bitcoin stolen during the Colonial Pipeline attack in 2021, Monaco noted.
During the search, they recovered a number of other ransom payments, including one from another hospital in Colorado, as well as stolen cryptocurrency, for a total of half a million dollars. The DOJ did not specify which cryptocurrency the hackers had hidden away, although ransom attackers usually collect either Bitcoin or a privacy coin such as Monero.
Monaco added that a few weeks ago the authorities were able to seize these assets. “And today we have announced the seizure of this ransom, and we are returning the stolen funds to the victims,” she said.