North Korean hospital hacker indicted in the US

A North Korean national who may or may not still reside in his home country has been indicted for allegedly leading ransomware attacks against U.S. hospitals.

Announcing the action July 25, the U.S. Department of Justice said the criminal, Rim Jong Hyok, received the charge from a grand jury in Kansas City, Kan. The indictment accuses Rim of guiding a conspiracy to hack into hospitals and other provider organizations. The group extorted the victimized institutions, then laundered the proceeds and used them to fund more cybercrimes, according to the notice.

DOJ notes the ransomware attacks hindered the affected providers from taking optimal care of patients.

The criminal group may have a harder time carrying on with its dirty work now. Working with the FBI, the DOJ was able to intercept around $114,000 in ransomware payments and laundering operations before Rim and accomplices took hold of these monies, which had been tendered in virtual currencies.

The FBI and DOJ say they also seized online accounts used by the conspirators to carry out their malicious online activities.

$10 million bounty

Meanwhile the U.S. Department of State is offering a reward of up to $10 million for information leading to the location or identification of Rim.

The sum is part of State’s Rewards for Justice program, which maintains a standing reward offer for information leading to the identification or location of any person who, “while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure” in violation of the Computer Fraud and Abuse Act.

Justice notes past successes with the program, including the seizure of around $500,000 in ransom payments while the monies were in laundering accounts.

That sum included an entire ransom payment from one victim hospital.

How to hold Rim Jong Hyok to account?

Rim is believed to be a member of a North Korean military intelligence agency, the Reconnaissance General Bureau, in which he allegedly operates within a hacking outfit called the Andariel Unit.

The Associated Press notes the unlikelihood of Rim actually getting arrested.

“[T]he biggest outcome of the indictment is that it may lead to sanctions that could cripple the ability of North Korea to collect ransoms this way, which could in turn remove the motivation to conduct cyberattacks on entities like hospitals in the future,” AP reports, citing an analyst with the cybersecurity firm Recorded Future.

“Now, unfortunately, that will force them to do more cryptocurrency theft,” adds the analyst, Allan Liska. “So it’s not going to stop their activity.”

On the other hand, Liska points out, Rim’s group has been reckless enough that it victimized an entity in China, a close ally of North Korea. Says Liska, “China can’t be too thrilled about that.”

In DOJ’s announcement of the indictment, FBI deputy director Paul Abbate says the Rim group’s “unacceptable and unlawful actions placed innocent lives at risk. The FBI and our partners will leverage every tool available to neutralize criminal actors and protect American citizens.”