
US Seized $500K in Ransomware Payments and Crypto from North Korean Hackers

Jay Zhuang Jul 20, 2022 06:27
US critical infrastructure firms are obliged to report ransomware payments to the government within 72 hours, according to a new law signed by President Joe Biden in March.

The US Justice Department has seized roughly $500,000 in digital payments and cryptocurrency from ransomware attacks launched by North Korean hackers. Deputy Attorney General Lisa Monaco said that US authorities have begun returning funds to relevant victims.

  • The North Korean hackers attacked health care organizations in Kansas and Colorado last year by encrypting their computer systems. Later, a complaint filed by the unnamed Kansas facility allowed the FBI to look into the matter, identifying a new type of ransomware used by the North Koreans.
  • US authorities seized ransom payments and cryptocurrency from “China-based money-launderers working for the North Koreans,” reported CNN. The news followed a prior warning issued by US authorities, stating that North Korea aimed to use ransomware to disrupt health services for prolonged periods.
  • The half-million seizure was made possible because the FBI, the Secret Service, and the Treasury Department could track the cryptocurrency payments conducted by the criminal groups, including funds that violated US sanctions.
  • Deputy Attorney General Lisa Monaco urged more companies to step up efforts to report similar ransomware attacks to the FBI, while admitting the increasing difficulty of recovering ransomware payments paid by US businesses to perpetrators from Russia, Eastern Europe, and elsewhere.
  • North Korea-backed hackers are notorious for compromising vulnerable crypto protocols and stealing hundreds of millions in digital assets. The latest incident was the exploit of Harmony’s Horizon Bridge, reportedly conducted by the Lazarus Group, the infamous Pyongyang-backed hacker group that was also behind the $620M breach of Axie Infinity’s Ronin bridge in March.
  • Of the $100 million worth of ETH stolen from Harmony, over 40% of the funds have been transferred to a Tornado Cash mixer, as Cryptopotato reported earlier.
  • A recent report by Coincub noted that Pyongyang’s cyber army comprises 7,000 personnel, responsible for at least 15 instances of crypto crime, with proceeds conservatively estimated at $1.59 billion.
Jay Zhuang

Jay Zhuang is a journalist and artist with a background in digital art curation. He started writing about cryptocurrency in 2020 and began contributing to DAOs in 2021. He can be reached on Twitter.

Tags: Hacking, US