UPDATED 19:52 EST / JUNE 18 2024

SECURITY

Hackers demand $50M ransom payment from UK lab provider following hospital disruption

A Russian hacking group is reportedly demanding a $50 million ransom payment from a U.K. lab services provider following a ransomware attack earlier this month that disrupted hospitals in London.

The hacking group, known as Qilin, targeted Synnovis Group LLP, which provides lab services to hospitals in London under the U.K.’s National Health Service. Someone affiliated with Qilin deployed ransomware on the company’s network and then demanded payment for a key to decrypt the locked-up data.

The ransomware attack locked down vital computer systems used to provide blood testing and transfusion services to NHS hospitals and clinics, primarily in South East London. The consequence of the attack was widespread disruptions, with thousands of scheduled operations and appointments canceled as a result.

In some cases, patients requiring critical care have been diverted to other hospitals and some hospitals were reported forced to switch to using handwritten records when dealing with patients. Some two weeks after the initial attack, disruptions are reportedly ongoing.

A representative of the Qilin ransomware group spoke with Bloomberg, saying that they had breached the company and that if their ransom demand was not met, they were preparing to post the data stolen in the attack online. Exactly what data was stolen is not clear, with a spokesperson for Synnovis saying that “the investigation into the attack continues, including any possible impact to data.”

Qilin was first linked to the attack on June 5, with Ciaran Martin, former chief executive of the National Cyber Security Centre, called it a “very, very serious incident” and that Qilin had a “two-year history of attacking organizations across the world.”

The Russian hacking group has been linked to previous attacks, including one targeting Court Service Victoria, the independent body that runs court services in Victoria, Australia, in December. The attack in that case saw the theft of court recordings and disruptions to court services.

As noted at the time, thugh Qilin is believed to be Russian, the attack is not necessarily Russian in origin, as the Qilin ransomware is offered on a ransomware-as-a-service basis. That means an affiliate is likely to have been behind the attack and the Qilin affiliate could have been from anywhere. The same is likely to hold true for the attack on Synnovis that has affected hospital services in the U.K.

Photo: Raxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU