Two crypto payments made by American healthcare providers were among the $500,000 in fiat and cryptocurrency that the US Department of Justice seized from a hacking gang linked to the North Korean government and later returned.
The Justice Department and the FBI announced on Tuesday that they had looked into a $100,000 Bitcoin (BTC) ransom payment made to a North Korean hacking group by a Kansas hospital in order to regain access to its systems, as well as a $120,000 Bitcoin (BTC) payment made by a Colorado healthcare provider to one of the wallets linked to the aforementioned attack.
The Justice Department received a seizure request from the FBI in May for money from the two ransom attacks and other money that had been laundered through China, which the Justice Department reported as roughly $500,000.
“These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ransoms in order to regain control of their computer and record systems,” said Duston Slinkard, U.S. Attorney for the District of Kansas.
“What these hackers don’t count on is the tenacity of the U.S. Justice Department in recovering and returning these funds to the rightful owners.”
In an address to the International Conference on Cyber Security on Tuesday, U.S. Deputy Attorney General Lisa Monaco noted that law enforcement depends on victims from the business sector to report ransomware attacks and other crimes “as soon as such crimes occur”:
“If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action; we can follow the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable. Those companies that work with us will see that we stand with them in the aftermath of an incident.”
Monaco claims that the FBI and Justice Department discovered and seized more than $2 million in cryptocurrency after an attack on the Colonial Pipeline system in 2021 by monitoring the ransom payments through the blockchain.
The National Cryptocurrency Enforcement Team and the Virtual Asset Exploitation Unit have been formed, according to a late announcement from the Office of the Attorney General.
Both teams focused on combating cybercrimes that involved “digital extortion” of money, including cryptocurrency.
Numerous significant ransomware and cyber attacks in the United States and around the world have purportedly been carried out by hacking groups affiliated with either North Korea or Russia.
In April, the Office of Foreign Assets Control of the Treasury Department identified the Ronin Bridge hack that resulted in the theft of more than $600 million in cryptocurrency assets as being the work of the North Korean cybercriminal Lazarus Group.