UPDATED 19:52 EST / JUNE 18 2024

SECURITY

Hackers demand $50M ransom payment from UK lab provider following hospital disruption

A Russian hacking group is reportedly demanding a $50 million ransom payment from a U.K. lab services provider following a ransomware attack earlier this month that disrupted hospitals in London.

The hacking group, known as Qilin, targeted Synnovis Group LLP, which provides lab services to hospitals in London under the U.K.’s National Health Service. Someone affiliated with Qilin deployed ransomware on the company’s network and then demanded payment for a key to decrypt the locked-up data.

The ransomware attack locked down vital computer systems used to provide blood testing and transfusion services to NHS hospitals and clinics, primarily in South East London. The attack caused widespread disruption, with thousands of scheduled operations and appointments canceled as a result.

In some cases, patients requiring critical care have been diverted to other hospitals, and some hospitals were reportedly forced to switch to handwritten records when dealing with patients. Some two weeks after the initial attack, disruptions are reportedly ongoing.

A representative of the Qilin ransomware group spoke with Bloomberg, saying that they had breached the company and that if their ransom demand was not met, they were preparing to post the data stolen in the attack online. Exactly what data was stolen is not clear, with a spokesperson for Synnovis saying that “the investigation into the attack continues, including any possible impact to data.”

Qilin was first linked to the attack on June 5, with Ciaran Martin, former chief executive of the National Cyber Security Centre, calling it a “very, very serious incident” and saying that Qilin had a “two-year history of attacking organizations across the world.”

The Russian hacking group has been linked to previous attacks, including one targeting Court Service Victoria, the independent body that runs court services in Victoria, Australia, in December. The attack in that case saw the theft of court recordings and disruptions to court services.

As noted at the time, though Qilin is believed to be Russian, the attack is not necessarily Russian in origin, as the Qilin ransomware is offered on a ransomware-as-a-service basis. That means an affiliate is likely to have been behind the attack, and the Qilin affiliate could have been from anywhere. The same is likely to hold true for the attack on Synnovis that has affected hospital services in the U.K.

Photo: Raxpixel
