Qilin demands $50 million from Synnovis and leaks patient data


It has been reported that the Russian ransomware gang Qilin is demanding $50 million (£39.5m) to end a ransomware attack against Synnovis, a lab services provider to the NHS. Since this happened it has also been revealved by NHS England that the recent ransomware attack on Synnovis has postponed 1,134 elective procedures and 2,194 outpatient appointments since June 3.

The update also comes amid reports Qilin has now published 400GB of blood test data on its leak site.

In response to the news, please see below comments from Kevin Robertson, COO of Acumen Cyber, and Conor Agnew, Lead Cyber Security Assessor at Closed Door Security:

Kevin Robertson, COO of Acumen Cyber

“This is a huge figure which clearly shows the attackers understand the chaos they are causing to Synnovis and hospitals across London.

If Qilin had targeted the NHS directly, this demand would never be met.

The UK government has made clear it will never negotiate with ransomware gangs, as they know this only fuels the industry. However, it’s not clear what approach a private organisation like Synnovis will take. Clearly the organisation is in a state of turmoil just now.

In the last few weeks thousands of people have been impacted by the attack on Synnovis. 1500 medical appointments and surgeries have been cancelled, heart operations have been postponed, blood supplies have been affected. The damage has been on a scale rarely witnessed after a cyber attack. But this does show the real-world consequences of breaches today.

Other organisations must learn from this incident and work to harden their defences against ransomware. These attacks are not going to go away, they are only going to increase, especially while Russia provides a safe haven for adversaries where they are celebrated for attacks, rather than penalised.

In addition to the typical IT security controls, organisations today should also be implementing centralised logging, with alerting & correlation capabilities to detect threats across multiple attack vectors. Just patching your infrastructure and implementing MFA doesn’t cut the mustard against today’s threat actors.

If this isn’t possible due to a shortage of internal cyber security personnel, it’s time to look at outsourcing to organisations who are experts in the field. These dedicated businesses can fill any gaps that are leaving organisations vulnerable to attack. This reduces the need for internal cyber security resources, cuts costs and significantly improves enterprise cyber resilience.”

Conor Agnew, Lead Cyber Security Assessor at Closed Door Security

“This is undoubtedly one of the worst cyber attacks the UK has faced in recent history.

Not only are we seeing operations at Synnovis brought to a standstill, but we are seeing critical medical appointments postponed which will cause serious distress for patients. This is the worst outcome of any cyber incident. People’s lives are being put at risk.

We don’t know how Qilin breached Synnovis’s network, but the attackers are not backing down. They have set their demand, and they want paid. This recent leak is to apply more pressure on Synnovis and motivate the company into paying, while demonstrating the highly sensitive data the Qilin now has in its possession.

Despite the actors stating the attack is politically motivated, it is most likely spurred by a desire to make money and financially benefit from the disruptions the incident is causing to patient care.

Every business must learn from this incident. There is no immunity to cyber crime, and nation state attackers are ruthless with their assaults.

Defending against these types of attacks must be a priority for every organisation.

Systems must be tested regularly to identify bugs and weaknesses that could be exploited by criminals. While employees must be trained to understand cyber risks. This must be bolstered with technical defences that detect malicious activity and make it harder for criminals to break into systems and execute ransomware.”

For more cyber news, click here


Related posts

Scroll to Top