An Important Message from HIROC – Ryuk Ransomware

lock image on screen

This alert is intended to raise awareness of a recently-reported information-security threat caused by a malware attack known as Ryuk ransomware. 

According to the alerts highlighted by the Canadian Centre for Cyber Security, Ryuk ransomware can be in the environment for a period of time after infecting the network, for days to months – without detection. This allows the attackers to identify and target critical information systems that will result in maximum impact. Once critical systems are identified, Ryuk then locks down the systems – preventing access and demanding payment for the release of the systems. 

At this time HIROC recommends all healthcare organizations undertake the following steps:

  • Scan all networks, laptops, devices, and systems using the latest versions of anti-malware/anti-virus software to detect possible malware infections.
  • Use tools to scan and verify that the services running on networks, laptops, devices and systems are approved application services. If possible, deny all unapproved applications from executing.
  • Alert employees, practitioners, students, volunteers, and agents who have access to your networks and systems. They should be vigilant and not click on any untrusted web links or open questionable e-mails and attachments. Educate users on how they can recognize credible web links and e-mail addresses. 
  • Assess data recovery and post-incident management protocols to ensure an appropriate strategy is in place to recover from virus or malware attacks. 

As your trusted healthcare advisor, here are some additional resources that may be helpful to you and your team:

If you have any questions, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer at