US and South Korean government security officials issued a warning on Thursday about ransomware attacks by North Korea targeting the countries’ healthcare systems as well as other critical infrastructure.
North Korean cyber actors “have used cryptocurrency generated through illicit cybercrime to acquire infrastructure such as IP addresses and domains,” the National Security Agency said in a statement.
“The actors intend to hide their affiliation and then exploit vulnerabilities and exposures (CVEs) to gain access and escalate privileges on targeted networks to conduct ransomware activities,” it said.
The measures outlined in the advisory include limiting access to data by authenticating and encrypting connections, and shutting down weak or unnecessary network device management interfaces.
Among other recommendations, the bulletin suggests maintaining isolated backups of data and regularly testing backups and restores, as well as creating, maintaining and practicing basic cyber incident response and associated communications plans.