United States and South Korean government security agencies issued a warning Thursday about ransomware attacks by North Korea against the countries’ health care systems as well as other critical infrastructure.
North Korean cyber actors “have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains,” the National Security Agency said in a statement.
“The actors intend to conceal their affiliation and then exploit vulnerabilities and exposures (CVE) in order to gain access and escalate privileges on targeted networks to perform ransomware activities,” it says.
Mitigations listed in the advisory issued include limiting access to data by authenticating encrypting connections and turning off weak or unnecessary network device management interfaces.
Among other recommendations, the bulletin suggests maintaining isolated backups of data and regularly testing backup and restoring and creating, maintaining and exercising basic cyber incident response and associated communications plans.