UK Hospital Hackers Say They’ve Demanded $50 Million in Ransom

By Ryan Gallagher | June 19, 2024

A cohort of Russian-speaking hackers is demanding $50 million from a UK lab-services provider to end a ransomware attack that has paralyzed services at London hospitals for weeks, according to a representative for the group.

Qilin, as the group is known, confirmed through the representative that it had breached the pathology services company Synnovis and demanded the money in exchange for code to unlock affected computers. In an interview, the representative said the hackers were preparing to post online data stolen in the attack.

“The investigation into the attack continues, including any possible impact to data,” a Synnovis spokesperson said in a statement, adding that the company will inform regulators and affected individuals as it learns more about the incident.

Ciaran Martin, former chief executive officer of the UK’s National Cyber Security Centre, previously said that Qilin appeared to be behind the attack.

On June 4, Synnovis announced that it had been targeted by a ransomware attack that locked down vital computer systems used to provide blood-testing and transfusion services to National Health Service hospitals and clinics, predominantly in South East London. Medical organizations swept up in the breach were aware of cyber vulnerabilities dating back for years.

The incident has reverberated across the health system. In the first week, doctors canceled roughly 800 planned operations and 700 outpatient appointments, postponed blood tests and resorted to handwritten records, according to the National Health Service. At least one hospital has asked workers for blood donations to address supply shortages, while some patients needing critical care have been diverted to other facilities. Cancer treatments and C-section births were also rescheduled.

The disruption has continued as the company has worked to recover its damaged computers.

A Qilin website where the group listed its alleged victims disappeared from the internet in the days after the hack, though another page remains online. Synnovis wasn’t listed on that site.

Responding to questions about the breach through a messaging account long associated with the gang, a representative for the hackers said that they were very sorry for the people who suffered, but refused to accept responsibility for the human cost. They suggested the attack was justified because it was in retaliation for the British government’s involvement in unspecified wars.

The representative added that they had ceased contact with Synnovis after apparently failing to receive any ransom payment following the expiration of a 120-hour deadline. They said hackers had exploited an undisclosed security vulnerability – known as a “zero day” – to gain access to Synnovis’ computers.

Bloomberg News couldn’t independently verify the claims about such a vulnerability.

Qilin has been active since mid-2022 and has targeted more than 100 companies in more than a dozen countries, according to a list of alleged victims the gang has published on its website. The group uses ransomware to encrypt files on infected computers so that they cannot be accessed. It also often steals data from its victims, then threatens to publish the data online unless a payment is made.

Top photo: Ambulances queued up outside the Royal London Hospital in London, U.K., on Friday, Jan. 7, 2022. The U.K. sent 200 armed forces personnel into hospitals in London to help relieve staff shortages due to a surge in the omicron Covid-19 variant. Photographer: Chris J. Ratcliffe/Bloomberg.
