The US Department of Justice (DOJ) has seized $500K in ransom payments and cryptocurrency from a state-sponsored North Korean group. Deputy Attorney General Lisa O. Monaco said, “We are returning the stolen funds to the victims,” adding that the seized funds also included ransom paid by medical providers in Kansas and Colorado.
DOJ Seizes Crypto from North Korean State-Backed Group
The U.S. Department of Justice (DOJ) announced Tuesday that it has seized and forfeited approximately $500K from North Korean ransomware actors and their co-conspirators. The Department added that it filed a complaint “in the District of Kansas to forfeit cryptocurrency that was paid as ransom to North Korean hackers or used to launder such ransom payments.”
The DOJ stated.
In May 2022, the FBI filed a sealed seizure warrant for approximately $500,000 worth of funds. The seized funds included ransom payments made by medical providers in Kansas and Colorado.
Deputy Attorney General Lisa O. Monaco reiterated Tuesday at the Cybersecurity 2022 International Conference that “we have seized approximately $500,000 in cryptocurrency used to pay ransom and launder that money.” She added, “Thanks to prompt reporting and cooperation from victims, FBI and DOJ prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui’.” He added.
Last year, the North Korean group encrypted a server at a Kansas medical center used to “store critical data and manipulate critical equipment,” Monaco detailed. The attackers demanded a ransom, which the hospital paid.
FBI and Justice Department prosecutors tracked the ransom payments through the blockchain.” The FBI identified China-based money laundering, a type that regularly assists North Korea in ‘cashing’ ransom payments into fiat currency.” The Deputy Attorney General elaborated. “Blockchain analysis revealed that these same accounts contained other ransom payments, and the FBI traced them to another medical provider in Colorado and a potential overseas victim.”
Today we are announcing that we have seized those ransom payments and are returning the stolen funds to the victims.
Last October, Monaco announced the creation of the National Cryptocurrency Enforcement Team (NCET). The purpose of this initiative, the Justice Ministry explained, is to “tackle the complex investigation and prosecution of criminal misuse of cryptocurrencies, in particular crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.” The team will also assist in tracking and recovering assets lost to fraud and extortion, including cryptocurrency payments to ransomware groups.”
Image credits: Shutterstock, Pixabay, Wiki Commons