Date: 2022-07-21

Last year, a shadowy North Korean cybercriminal group approached a Kansas hospital to demand a hefty ransom after hacking its critical computer systems.

“In that moment, the hospital’s leadership faced an impossible choice—give in to the ransom demand or cripple the ability of doctors and nurses to provide critical care,” said the Department of Justice’s Deputy Attorney General Lisa O. Monaco. “But they also notified the FBI, which was the right thing to do for themselves and for future victims.”

The North Korean group threatened to increase its ransom demand if the hospital did not pay. Although the Kansas hospital ultimately paid the ransom — which may or may not have been in cryptocurrency — U.S. law enforcement was able to recoup part of it with the help of blockchain analytics data that traced the flow of illicit money to money launderers in China, who frequently assist North Koreans in their crypto heists.

“We have made public the seizure of those ransom payments, and we are returning the stolen funds to the victims,” Monaco said this month about returning $500,000 to the hospital. Many of the strategies to recover the funds echoed those successfully used to regain Bitcoin after the 2021 Colonial Pipeline attack.

Last year, North Korean cybercriminals stole $400 million in cryptocurrency, according to data from Chainalysis.

This spring, the U.S. government issued a cyber advisory about North Korean groups targeting the crypto and blockchain industry, with a particular focus on "crypto exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, [and] venture capital funds investing in cryptocurrency."