UnitingCare Queensland has identified the Sodinokibi/REvil ransomware gang as the attackers behind an infection that some of its technology systems suffered last month.
The attack, which was disclosed on April 26, rendered many IT systems used by hospitals and aged care facilities run by the group inoperable.
“We can confirm that the external group claiming responsibility for this incident has identified themselves as REvil/Sodin,” the company said in its first statement since the attack.
The Sodinokibi malware encrypts files and tries to wipe out backups before demanding a ransom, which often balloons if not paid within a certain period of time.
UnitingCare Queensland said it was still uncertain when it would be able to recover its systems fully.
“It is not possible to provide a resolution timeframe at this stage,” the organisation said.
“However, we can confirm that we are making significant progress towards securing, cleansing, and recovering our systems.
“Some systems have already been reinstated with cyber security testing now underway.”
UnitingCare Queensland said it was conducting a “thorough investigation” to determine if “patient, client, resident or employee information has been breached” as a result of the infection.
“This investigation is continuing and we will continue to keep the people we care for updated in this regard, in addition to employees, regulators and other stakeholders,” it said.
The organisation said it continued to prioritise those under its care, and said that “back-up and downtime procedures have been in place to ensure continuity of our clinical and care services, and these procedures have been working very well.”
REvil has been responsible for several high-profile infections in recent months, including those at Acer and Apple supplier Quanta.