A Russian cyber gang is said to be behind a ransomware attack on London hospitals

LONDON – A Russian cyber gang is believed to be behind a ransomware attack that paralyzed operations at London hospitals and led to the cancellation of operations and appointments, the former head of Britain’s cybersecurity said Wednesday.

A group called Qilin is most likely behind the attack on Synnovis, which provides pathology laboratory services to several National Health Service hospitals, said Ciaran Martin, former executive director of the National Cyber ​​​​Security Centre.

Martin said it was one of the more serious ransomware attacks in the UK as it brought ongoing operations to a halt.

“It’s the more serious type of ransomware where the system just doesn’t work,” Martin told BBC Radio 4. “If you work in this healthcare trust, you just don’t get those results, so it’s actually seriously disruptive.”

Monday’s incident affected King’s College and Guy’s and St Thomas’ Hospital Trusts, which run several hospitals in south London as well as clinics and doctors’ surgeries in part of the city, the NHS said.

A memo to staff called the incident “critical” and said it had a “significant impact” on care, particularly blood transfusions, with procedures and surgeries cancelled or performed elsewhere.

The incident was reported to the police.

Synnovis CEO Mark Dollar said on Tuesday that they were still trying to understand what happened. The company did not provide any further comment on Wednesday.

Ransomware involves criminals crippling computer systems with malicious software and then demanding money for its release. Ransomware is the most expensive and damaging form of cybercrime, affecting local authorities, court systems, hospitals and schools as well as businesses. It is difficult to combat because most gangs are based in former Soviet states and are beyond the reach of Western justice.

Britain’s state-funded healthcare system has been hit before, including during a ransomware attack in 2017 that froze computers in hospitals across the country, closing wards and emergency departments and halting treatment.

Qilin, also known as Agenda, advertises on cybercrime forums on the dark web and rents malware to partners who use it to carry out attacks in exchange for a percentage of ransom payments, said Louise Ferrett of Searchlight Cyber, a threat intelligence firm. The group has listed more than 100 victims.