Three Ontarian clinics have lately fallen prey to a cyber attack involving the popular Ryuk ransomware. The infection reportedly delayed patient care, took down email systems, and impeded access to electronic medical records (EMRs), forcing staff members to process patient records the old way, using a pen and a pad. Given the stealthy nature of the Ryuk ransomware, however, these may not necessarily be the only affected hospitals so far. Instead, the attack may have reached many more health centers that are not yet aware of it.
The Threat Can Linger for Weeks
Unlike other widespread ransomware threats that typically strike while the iron is hot, Ryuk bides its time until it has harvested all the information it needs to determine whether the target would be willing to pay a ransom. Should that assessment come back positive, it launches a full-blown file encryption attack across the entire network. That is why security researchers remain apprehensive that Ryuk may currently be probing many more hospitals. So far, however, Toronto's Michael Garron Hospital and Listowel Wingham Hospitals Alliance's two clinics in the southwest corner of Ontario are the only health centers that have publicly issued a warning about the malware attack. They did so on September 26, 2019, using their social media accounts to address the issue.
A Happy Outcome So Far
Even though the three centers openly admitted that malware had sneaked into their systems, officials have remained adamant that their hospitals neither suffered any data loss nor paid a single dime to the crooks behind the attack. Ryuk may have used an email-embedded Trojan to evade AV detection, yet prompt action and regular data backups could reduce the damage to a minimum. Such an outcome inflicts a minor defeat on the crooks in charge of the Ryuk ransomware, who have raked in $3.7 million worth of Bitcoin from ransom payments alone.
The Threat is Real
Apart from Ontarian hospitals, Ryuk's operators have been using the threat to infect health-care centers all over the world. So far, the reported incidents are especially prevalent in the United States and Australia. Network administrators could resort to reimaging tools to restore encrypted data. However, such a technique may not prevent Ryuk from striking back due to its reasonably persistent nature. There is one more reason why hospitals remain (and will remain) highly susceptible to ransomware attacks. To carry out day-to-day operations, they typically use custom software tailored to their specific needs, and that software is significantly harder to upgrade than conventional programs and operating systems. The lack of regular updates gives hackers plenty of room to dissect the code in search of weak spots, leaving administrators with no option but to stay at the top of their game and always have something up their sleeves.