Here's what we know about the ransomware that hit 3 Ontario hospitals

CBC

October 4, 2019 at 4:00 a.m.

Hackers have crippled the computer systems of three Ontario hospitals in recent weeks, prompting concern about the type of malicious software used and whether more facilities may be at risk.

The malware, known as "Ryuk," attacks computer networks but remains invisible to average users for weeks or months. During that time, it collects information about the organization and its perceived ability to pay a ransom.

Ryuk then locks files, demanding the network owner pay a sum of money to make them accessible again.

The criminals behind the attack "will learn how you operate from A to Z… then they'll hit you," Zohar Pinhasi, a Florida-based cyber counterterrorism expert told CBC News. He said it's likely other Canadian hospitals are affected and haven't yet detected it.

"If you get hit by them, it would be devastating."

Delays for patients, headaches for staff

The impact of the malware attack has been wide-ranging for the three affected hospitals, located in Toronto and southwestern Ontario. Email systems were taken offline, health-care records became harder to access and patients were warned of longer wait times.

Employees had to transcribe patient information onto paper by hand. Hospital officials stressed, though, no data had been accessible to the hackers.

The malware "came into our system, but no data left our hospital," said Sarah Downey, CEO of Toronto's Michael Garron Hospital. "It was picked up by a firewall before [the data] could leave."

Michael Garron Hospital, formerly known as the Toronto East General, posted a message on its website on Sep. 26, alerting the public that it had "discovered a virus on one of the IT systems."

The same day, the Listowel Wingham Hospitals Alliance said on Facebook its two hospitals in rural southwestern Ontario were suffering an "information technology system disruption, which means our clinical applications are affected."

All three hospitals said they paid no money to retrieve their files and no specific amount was demanded. Systems at all three facilities are in the process of being restored, the hospitals said.

The RCMP urges malware victims not to pay any ransom because there's no guarantee the files will be unlocked. Cyber criminals may even demand more money or identify the victim as a target for further attacks.

First identified in Aug. 2018, cybersecurity experts estimate Ryuk netted hackers the Bitcoin equivalent of $3.7 million US within five months.

Pinhasi, the U.S.-based expert, said the hackers "are sitting on a goldmine."

In an advisory last June, the U.K.'s National Cyber Security Centre warned the malicious code associated with Ryuk will block anti-malware software, allow hackers to monitor a victim's computer activity and spread to other machines on the same network.

Access to the computers can even be sold to "other criminal operators," the British report said.

It's unclear how the Ontario hospitals became targets, but the malware often penetrates systems using a Trojan horse: a user opens an infected email attachment and the malicious code spreads. (Police advise users not to click on emails from people they don't know.)

Hospitals often targeted

The Ontario health-care facilities aren't the only ones that have fallen victim to Ryuk attacks in recent days.

This week, three Alabama hospitals said a similar infection shut down computer systems and blocked access to patient lists. Several hospitals in Australia were paralyzed by a ransomware attack, also reported to involve Ryuk.

The episode, however, barely compares to the massive proportions of the global WannaCry ransomware pandemic in 2017, then described by European police as reaching an "unprecedented level" of infection.

At the time, many of the victims were found to have been running out-of-date Windows software that wasn't protected from such infections.

Adam Mansour, a cybersecurity expert with IntelliGO Networks in Toronto, said health-care facilities are particularly vulnerable to malware attacks because of their reliance on specialized software that only rarely gets updated.

"Hospitals, unfortunately have software that is hard to upgrade," he said.

Hard to beat

It's unclear who's responsible for the recent string of Ryuk attacks. Cybercrime analysts and specialized bloggers have suggested several criminal groups have been mounting such attacks and that the malware itself may originate from Russia.

The name "Ryuk" itself is taken from a Japanese comic book character who "cannot be harmed by conventional human weapons," according to a description on the industry website Comic Vine.

Yun Dong-jin/Yonhap via The Associated Press

It seems the malware can't easily be beaten, either. Mansour said system administrators usually have to "reimage" computers to reset them to their previous configurations from before the ransomware attack to restore full functionality.

He warns, though, it doesn't always work. "We've seen a lot of cases where just reimaging... is really just delaying the inevitable, which is that (the malware) will come right back."

HuffPost
Dismissed Juror Has 1 Word To Describe What It’s Like Seeing Trump In Person
Kara McGee was seated about 30 feet from the former president all day Monday.
2 hours ago
HuffPost
Donald Trump Flips Out Over Barron’s Graduation Ban. Here's What The Judge Really Said.
The former president's disingenuous spin on his hush money trial whipped up anger on the right, including from his other sons Don Jr. and Eric.
12 hours ago
HuffPost
Ex-Aide Sums Up Donald Trump’s Attitude To Melania Trump With 3 Words
Stephanie Grisham also recalled a telling telephone call the former president made about his wife.
2 days ago
Yahoo News UK
Julia Fox criticised over 'disgusting' vagina bikini outfit by FGM campaigners
Julia Fox has been accused of wearing the trauma of female genital mutilation survivors in her provocative outfit that shows a sewn-up vagina.
a day ago
Yahoo News Canada
Loblaws Canada groceries: Shoppers slam store for green onions with roots chopped off — 'I wouldn't buy those'
A photo of green onions being sold with the roots chopped off at a Toronto Loblaws store is stirring more anger online against the Canadian grocery giant.
3 hours ago
USA TODAY Opinion
Thank you, Donald Trump, for fighting for my right to be embroiled in a hush money scandal
I thank PRESIDENT Donald Trump for having the guts to stand up for my right to face allegations that I slept with an adult film star.
a day ago
HuffPost
Viewers Think Laura Ingraham Just Made A Big Admission Of Guilt For Trump
The Fox News host got called out for her characterization of Trump's relationship with Stormy Daniels.
10 hours ago
The Daily Beast
Gloves Off! DA Wants Trump Punished for Contempt on Day 1
Photo by Jabin Botsford-Pool/Getty ImagesThe Manhattan District Attorney’s Office wants the judge overseeing the first trial against a former American president to start it off with a lunging attack, asking the court to personally sanction Donald Trump for his verbal onslaught against witnesses in the case.Shortly after noon, Assistant District Attorney Christopher Conroy formally asked the judge to fine Trump “$1,000 for each post that violates the court order,” “direct the defendant to take do
a day ago
HuffPost
Right-Wing 'Reacher' Fans Flip Out After Alan Ritchson Calls Trump A 'Rapist And A Con-Man'
Ritchson wondered why some Christians see Trump as their "poster child" in an interview with The Hollywood Reporter.
49 minutes ago
HuffPost
Jimmy Kimmel Turns 1 Of Trump’s Biggest Insults Against Him After Bizarre Court Moment
The late-night host also unveiled some damning new nicknames for the former president.
14 hours ago
People
Married Teacher Allegedly Caught Undressed in Back of Car with Teen Student: Police
Erin Ward, 45, was allegedly found inside a car with a 17-year-old student, according to the Douglas County Sheriff’s Office
a day ago
The Daily Beast
First Six Jurors Seated for Trump Hush-Money Trial
Jabin Botsford-Pool/GettyThe process of selecting the New Yorkers who will determine whether Donald Trump committed a criminal cover-up picked up the pace on Tuesday, as six jurors were selected by the end of the trial’s second day.New York State Supreme Court Judge Juan Merchan said he now aims to have attorneys deliver opening statements this coming Monday and finally get this show on the road.But all that depends on whether lawyers can get through the slog of screening dozens of other prospec
7 hours ago
People
“SNL”'s Heidi Gardner Left the Stage with 'Anxiety' After Breaking So Hard in “Beavis and Butt-Head” Sketch
The hilarious skit also starred the night's host, Ryan Gosling, and fellow 'SNL' stars Kenan Thompson and Mikey Day
3 hours ago
People
Controversial TikToker Kyle Marisa Roth Has Died, Family Announces: 'Loved and Lived Fiercely'
The TikToker's family announced her death on April 15 in a series of posts on social media
a day ago
Business Insider
US Navy warships shot down Iranian missiles with a weapon they've never used in combat before
The secretary of the Navy said American destroyers fired SM-3s to intercept Iranian ballistic missiles during an unprecedented attack on Israel.
4 hours ago
The Daily Beast
Trump Wanted to See Crowd Outside Trial. He Got 50 Randos.
Spencer Platt/GettyOutside the Manhattan Criminal Court on Monday, a “Christian conservative rapper” who identified himself as “Shawn DVS 7.0” awaited the arrival of Donald Trump.“Sometimes I have my disagreements with Trump, but nobody compares,” he said, resting a full-size American flag pole on his shoulder. Democrats, he added, “couldn’t get him with collusion, they couldn’t get him with all the other stuff before, so now they’re going with all these side angles.”He was one of about 50 Trump
a day ago
Hello!
King Charles's big change at Sandringham will affect Princess Kate and Prince William's home
King Charles plans big change at Sandringham estate which will affect Kate Middleton and Prince William's property, Anmer Hall. Details...
a day ago
CBC
GTA contractor sued 11 times, as homeowners left 'in disgust'
When Paul and Teresa Polyviou moved into their new home in Kleinburg, Ont., they envisioned hosting family and friends in the backyard. Last May, the couple hired Gianni (John) Evangelisti of Freedom Pools to bring that vision to life by extending their interlocked driveway and building a side walkway to an all-stone backyard patio, with new concrete stairs and a shaded wooden canopy. It was supposed to be a two-week job, Paul Polyviou said. Almost a year and more than $72,000 later, there's gra
2 days ago
CNN
Trump says $175 million bond is financially secure, asks judge to reject New York attorney general’s challenge
Lawyers for former President Donald Trump said his $175 million bond posted to satisfy the judgement in the New York civil fraud case is financially sound, and they asked the judge to set aside the attorney general’s challenge to the bond and award him costs and fees.
17 hours ago
The Daily Beast
Jake Tapper Cracks Up Over Impression of Jury Candidate Who ‘Hated’ Trump
CNNCNN’s Jake Tapper was met with an impersonation of an Irish woman when he brought on a former lawyer for Donald Trump to discuss the process of selecting jurors in front of a judge.William Brennan, an attorney who represented Trump during the 2022 Trump Organization trial, spoke to Tapper on Monday about his experience evaluating potential jurors in the case. That experience apparently included an introduction to a 40-something Irish woman who had strong opinions about the twice-impeached for
22 hours ago

Latest Stories