Federal agencies issued an alert warning of state-sponsored North Korean actors using the Maui ransomware to target the health sector. Pictured: A flag of North Korea waves in the wind on a post at the North Korean Embassy on March 27, 2019, in Madrid. (Photo by Pablo Blazquez Dominguez/Getty Images)

Cyber actors sponsored by the North Korean government are using the Maui ransomware to target the health sector in the United States, federal agencies warned Wednesday in a joint alert.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released the alert detailing the tactics, techniques and procedures (TTPs) that indicate a compromise (IoCs) by the Maui ransomware. 

The North Korean threat actors have targeted multiple healthcare organizations since May 2021 with the ransomware to encrypt servers responsible for services, including electronic health records services, diagnostic services, imaging services and intranet services, according to the FBI. 

The agencies discourage paying ransoms since it does not guarantee files will be recovered and may pose a sanctions risk, according to the alert.

View joint alert AA22-187A for details of TTPs, IoCs and mitigation suggestions.