The US Department of Justice has seized and returned nearly $500,000 in cash and cryptocurrency from a hacking group linked to the North Korean government, which included two payments of cryptocurrency made by US healthcare providers.
In an announcement on Tuesday, the Department of Justice and the FBI said they had investigated a $100,000 ransom payment in Bitcoin (BTC) made by a Kansas hospital to a North Korean hacking group in order to regain access to its systems, as well as a $120,000 Bitcoin payment from a medical provider in Colorado to one of the wallets related to the aforementioned attack. In May, the FBI filed a forfeiture warrant for funds from two ransomware attacks and one laundered through China, which the Justice Department said totaled about $500,000.
“These sophisticated criminals are constantly pushing the boundaries to find ways to extort money from victims by forcing them to pay the ransoms in order to regain control of their computers and recording systems,” said Duston Slinkard, the US District Attorney for the District of Kansas. “What these hackers do not count on is the insistence of the US Department of Justice to recover these funds and return them to their rightful owners.”
US Deputy Attorney General Lisa Monaco said in a speech to the International Conference on Cyber Security on Tuesday that authorities relied on private victims to report ransomware and other attacks “as soon as those crimes occurred”:
“If you report this attack, if you report and pay a ransom, and if you work with the FBI, we can take action; we can follow up on the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals to account. Working with us we stand by them in the aftermath of any incident.”
According to Monaco, the FBI and the Department of Justice tracked the ransom payments through the blockchain in the same way they found and seized more than $2 million in cryptocurrency following an attack on the Colonial Pipeline system in 2021. The attorney general’s office belatedly announced the formation of a national team to enforce cryptocurrency under the supervision of the Department of Justice and the FBI’s Virtual Asset Exploitation Unit. Both teams aimed to tackle cybercrime involving the “digital extortion” of funds, including cryptocurrency.
Hacking groups linked to either North Korea or Russia have reportedly been responsible for several major ransomware and cyber attacks in the United States and globally. In April, the Treasury Department’s Office of Foreign Assets Control named the North Korean cybercriminal Lazarus Group as the entity behind the March 2022 Ronin Bridge hack, which removed more than $600 million in crypto assets.