The Independent UK
Storm Newton

Qilin: What we know about the Russian gang behind London hospital cyber attack

A Russian group of cyber criminals known as Qilin are said to be behind a cyber attack that impacted major London hospitals.

Pathology services provider Synnovis, a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, was targeted on Monday, June 3.

The attack on pathology services firm Synnovis has led to a “severe reduction in capacity”.

Hospitals declared a critical incident and have cancelled operations and tests, and been unable to carry out blood transfusions.

Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and the Evelina London Children’s Hospital) and primary care services in the capital said there had been a “major IT incident”.

Sources told The Independent on Tuesday hospitals have had to cancel major operations such as transplants, and were facing big delays in turning around emergency tests in A&E.

A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals, an expert has said (Myung Jung Kim/PA) (PA Archive)

The ransomware attack has led to hospitals cancelling operations and tests and being unable to carry out blood transfusions.

But who are Qilin?

Qilin is understood to be a Russian cyber gang that runs a ransomware-as-a-service model.

They operate using websites on the dark web, according to Ciaran Martin, the former chief executive of the National Cyber Security Centre.

He said the group has a two-year history of attacking organisations across the world.

What is ransomware?

Ransomware is a type of malware. In some cases, hackers use it to bring down systems and prevent users from accessing their devices or the data stored on them, usually by encrypting it. They will then demand money to decrypt the files.

However, Mr Martin claims Qilin’s attack on Synnovis is “more serious” as it has led to systems not working.

He added that it is “really one of the more serious that we’ve seen in this country”.

What other attacks is Qilin thought to be behind?

According to Mr Martin, Qilin has previously targeted publishing and social enterprise group the Big Issue Group.

Reports by Computer Weekly in March suggest the hackers claimed an attack during which the company’s IT systems were broken into and confidential data was stolen.

This included information on staff, such as addresses, passport scans and payroll information.

At the time, Paul Cheal, group chief executive of the Big Issue Group, confirmed some of the data had been posted on the dark web.

Experts claim Qilin is behind the attack on a pathology services provider which disrupted a number of London hospitals this week (Dominic Lipinski/PA) (PA Wire)

In January, reports in Australia suggested Qilin had hacked the systems used by courts in the state of Victoria.

Hackers allegedly gained access to recordings of hearings that occurred between November and December.

Qilin also claimed an attack on Yanfeng Automotive Interiors, a major supplier of car parts headquartered in China, last year.

The files stolen included financial documents, non-disclosure agreements, quotation files and technical data sheets, according to cybersecurity news site Bleeping Computer.

The attack had a knock-on effect on car maker Stellantis, which gets seating and interior components, including electronics, from Yanfeng.

It is understood production was halted at the car maker’s North American plants for a period of time as a result.

How have Synnovis and the NHS responded to the attack?

Some operations and procedures across the hospitals were cancelled or redirected to other providers.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack, while Synnovis said it has been reported to law enforcement and the Information Commissioner.

If a ransom is demanded, will the hackers be paid?

The Government has a policy of not paying hackers, Mr Martin said, although the company impacted would be free to pay the ransom if it chose to.
