The United States Department of Justice seized and returned approximately $500,000 in crypto and fiat from a hacking organization linked to the North Korean government. This included two payments made by U.S. healthcare providers.
On Tuesday, the Justice Department said that, in collaboration with the FBI, it investigated a $100,000 ransomware payment in Bitcoin (BTC) made by a Kansas hospital to a North Korean hacking group to regain access to its systems. It also investigated a $120,000 BTC transfer from a Colorado doctor to one of the wallets associated with the aforementioned attack. The FBI filed a seizure order for the funds of the ransom attacks and other money laundered through China in May. The Justice Department reported that the total amount was approximately $500,000.
“These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ransoms in order to regain control of their computer and record systems,” said Duston Slinkard, U.S. Attorney for the District of Kansas. “What these hackers don’t count on is the tenacity of the U.S. Justice Department in recovering and returning these funds to the rightful owners.”
U.S. Deputy Attorney General Lisa Monaco said in a speech at the International Conference on Cyber Security on Tuesday that authorities relied on victims from the private sector to report ransomware attacks and others “as soon as those crimes occur”:
“If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action; we can follow the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable. Those companies that work with us will see that we stand with them in the aftermath of an incident.”
— Justice Department (@TheJusticeDept) July 19, 2022
Monaco claims that the FBI and Justice Department tracked ransom payments through blockchains in the same manner they found and seized over $2 million worth of crypto after an attack on the Colonial Pipeline System in 2021. The Office of the Attorney General later announced the formation of a National Cryptocurrency Enforcement Team under the Justice Department, and a Virtual Asset Exploitation Unit under the FBI. Both teams were aimed at addressing cybercrimes used for “digital extortion” of funds, including crypto.
Reports claim that hackers connected to Russia and North Korea are responsible for major ransomware and cyberattacks in the United States and around the world. In April, the Treasury Department’s Office of Foreign Assets Control named North Korean cyber-criminal Lazarus Group as the entity behind a March 2022 hack of Ronin Bridge, in which more than $600 million in crypto assets were removed.