The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations.
AA22-187A Alert, Technical Details, and Mitigations
Stairwell Threat Report: Maui Ransomware
North Korea Cyber Threat Overview and Advisories
Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
National Conference of State Legislatures: Security Breach Notification Laws
Health Breach Notification Rule
Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches
StopRansomware.gov
CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.