The malware, known as “Ryuk,” attacks computer networks but remains invisible to average users for weeks or months. During that time, it collects information about the organization and its perceived ability to pay a ransom.
Ryuk then locks files, demanding the network owner pay a sum of money to make them accessible again.
The impact of the malware attack has been wide-ranging for the three affected hospitals, located in Toronto and southwestern Ontario. Email systems were taken offline, health-care records became harder to access and patients were warned of longer wait times.
Employees had to transcribe patient information onto paper by hand. Hospital officials stressed, though, no data had been accessible to the hackers.
Sarah Downey, president and CEO of Toronto’s Michael Garron Hospital, said the Ryuk malware first struck a laptop before it spread to the network. (Ed Middleton/CBC)
The malware “came into our system, but no data left our hospital,” said Sarah Downey, CEO of Toronto’s Michael Garron Hospital. “It was picked up by a firewall before the data could leave.”
The same day, the Listowel Wingham Hospitals Alliance said on Facebook its two hospitals in rural southwestern Ontario were suffering an “information technology system disruption, which means our clinical applications are affected.”
All three hospitals said they paid no money to retrieve their files and no specific amount was demanded. Systems at all three facilities are in the process of being restored, the hospitals said.
The RCMP urges malware victims not to pay any ransom because there’s no guarantee the files will be unlocked. Cyber criminals may even demand more money or identify the victim as a target for further attacks.
First identified in Aug. 2018, cybersecurity experts estimate Ryuk netted hackers the Bitcoin equivalent of $3.7 million US within five months.