The FBI, CISA and U.S. Department of the Treasury have issued a joint advisory warning of alleged North-Korean-backed threat actors using Maui ransomware in attacks against healthcare and public health (HPH) organizations.
Maui ransomware is an encryption binary and is designed for manual execution by a remote actor. It doesn't leave a ransom note on encrypted systems. The threat actors use a command-line interface to interact with the Maui from afar, and to identify files to encrypt. These might include electronic health records services, diagnostics services, imaging services and intranet services.
The agencies believe these attacks will continue because the attackers will assume that organizations like these will be forced to pay up every time. Paying a ransom demand does not guarantee you will get your data back, nor does it free you from recovery costs, and those who do pay may be marked as a target for repeat attacks.
Acronis Cyber Protect Cloud detects and blocks ransomware with its included Active Protection, while the efficient backup and disaster recovery capabilities get you back up and running quickly in the event of system compromise.