Healthcare Ransomware Threats - MedusaLocker & Maui
2022-07-27 • Avertium
https://explore.avertium.com/resource/healthcare-ransomware-medusalocker-and-maui
Avertium’s healthcare ransomware overview summarizes U.S. government warnings about Maui ransomware, which the source says is believed to be operated by North Korean state-sponsored threat actors. Maui has affected healthcare providers since at least May 2021, including incidents involving encrypted servers used for diagnostic, imaging, and intranet services. The report notes that Maui’s initial access methods were unknown, but describes Stairwell’s finding that maui.exe is a manually operated encryption binary that lets operators choose targeted files for encryption. It also cites FBI tracing of a Kansas medical center ransom payment and seizure of cryptocurrency accounts tied to Maui operators, making the item relevant to DPRK-linked ransomware operations against healthcare.