On Wednesday, the FBI, CISA, and the US Treasury Department warned that organizations in the healthcare industry are being targeted by North Korean state-sponsored threat actors using Maui ransomware. These attacks started in May 2021 and are ongoing.
Maui is unique in that the entire process is manual. An attacker must execute the ransomware, specify the target directory to encrypt, and manually retrieve the encryption keys to generate the decryption tooling. There are no embedded instructions for paying the ransom either, so the threat actor must also contact the victim manually to provide them.