The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of the Treasury have released a joint alert about the Maui ransomware. The agencies state that the Windows executable maui.exe is designed for attackers to manually select the files to be encrypted. According to the agencies, the unknown ransomware has already targeted the IT services of healthcare and public health organizations. The FBI has attributed the attacks to North Korean state-sponsored actors that have been leveraging the Maui ransomware since May 2021.
The agencies believe that the ransomware strain will continue to be used in attacks in the healthcare industry, as attackers may assume that this type of organization will have to give in to ransom demands or face serious consequences or impacts on its ability to provide services critical to human life and health. The agencies state that organizations should be wary of this ransomware strain. In addition, the advisory references a report created by security reverse engineer Silas Cutler. Cutler does not name any specific APT group or region in his report on Maui.