Connect with us

Hi, what are you looking for?



A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals

A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled.

A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled, the former head of British cybersecurity said Wednesday.

A group known as Qilin is most likely behind the attack on Synnovis, which provides pathology lab services for several hospitals run by the National Health Service, said Ciaran Martin, former chief executive of the National Cyber Security Centre.

Martin said it was one of the more serious ransomware attacks in the U.K. because it disabled operations.

“It’s the more serious type of ransomware where the system just doesn’t work,” Martin told BBC Radio 4. “If you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.”

The incident Monday affected King’s College and Guy’s and St Thomas’ hospital trusts, which run several south London hospitals, as well as clinics and doctors’ practices across a swath of the city, the NHS said.

A memo to staff called it a “critical incident” and said it had a “major impact” on services, particularly blood transfusions. Procedures and operations were canceled or redirected elsewhere.

The incident was reported to police.

Synnovis Chief Executive Mark Dollar said Tuesday that it was still trying to understand what happened. The company offered no further comment Wednesday.

Advertisement. Scroll to continue reading.

Ransomware involves criminals paralyzing computer systems with malware, then demanding money to release them. Ransomware is the costliest and most disruptive form of cybercrime, affecting local governments, court systems, hospitals and schools as well as businesses. It is difficult to combat as most gangs are based in former Soviet states and out of reach of Western justice.

Britain’s state-funded health system has been hit before, including during a 2017 ransomware attack that froze computers at hospitals across the country, closing down wards, shutting emergency rooms and bringing treatment to a halt.

Qilin, also known as Agenda, advertises on dark web cybercrime forums and leases malware to affiliates who use it to conduct attacks for a percentage of ransom payments, said Louise Ferrett of Searchlight Cyber, a threat intelligence company. The group has listed more than 100 victims.

Related: Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics

Related: New Endpoint Protection Platform by Cigent Blocks Ransomware at the Data Level

Related: Ransomware Gang Leaks Data From Australian Mining Company

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Gabriel Agboruche has been named Executive Director of OT and Cybersecurity at Jacobs.

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

More People On The Move

Expert Insights