LONDON — A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled, the former head of British cybersecurity said Wednesday.
A group known as Qilin is most likely behind the attack on Synnovis, which provides pathology lab services for several hospitals run by the National Health Service, said Ciaran Martin, former chief executive of the National Cyber Security Centre.
Martin said it was one of the more serious ransomware attacks in the U.K. because it disabled operations.
“It’s the more serious type of ransomware where the system just doesn’t work,” Martin told BBC Radio 4. “If you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.”
The incident Monday affected King’s College and Guy’s and St Thomas’ hospital trusts, which run several south London hospitals, as well as clinics and doctors’ practices across a swath of the city, the NHS said.
A memo to staff called it a “critical incident” and said it had a “major impact” on services, particularly blood transfusions. Procedures and operations were canceled or redirected elsewhere.
The incident was reported to police.
Synnovis Chief Executive Mark Dollar said Tuesday that it was still trying to understand what happened. The company offered no further comment Wednesday.
Ransomware involves criminals paralyzing computer systems with malware, then demanding money to release them. Ransomware is the costliest and most disruptive form of cybercrime, affecting local governments, court systems, hospitals and schools as well as businesses. It is difficult to combat as most gangs are based in former Soviet states and out of reach of Western justice.
Britain’s state-funded health system has been hit before, including during a 2017 ransomware attack that froze computers at hospitals across the country, closing down wards, shutting emergency rooms and bringing treatment to a halt.
Qilin, also known as Agenda, advertises on dark web cybercrime forums and leases malware to affiliates who use it to conduct attacks for a percentage of ransom payments, said Louise Ferrett of Searchlight Cyber, a threat intelligence company. The group has listed more than 100 victims.
London hospitals have recently been targeted in a ransomware attack that is suspected to be linked to a Russian cybercriminal gang. The attack, which occurred earlier this week, has caused chaos and disruption to the healthcare system in the city.
Ransomware attacks involve hackers infiltrating a computer system and encrypting files, demanding a ransom in exchange for the decryption key. In this case, the hackers targeted several hospitals in London, causing significant disruption to their operations.
The attack is believed to be the work of a Russian cybercriminal gang known for targeting healthcare organizations. The group has been responsible for several high-profile attacks in recent years, including the infamous WannaCry attack that affected hundreds of thousands of computers worldwide.
The impact of the ransomware attack on London hospitals has been severe, with patients facing delays in treatment and surgeries being postponed. Hospital staff have been forced to resort to pen and paper to record patient information, leading to further delays and confusion.
The National Health Service (NHS) has issued a statement urging hospitals to remain vigilant and take steps to protect their systems from further attacks. They have also advised patients to be patient and understanding as hospitals work to restore their systems and resume normal operations.
Cybersecurity experts are working around the clock to investigate the attack and identify the perpetrators. They are also working to decrypt the affected files and restore normal operations to the hospitals.
This latest ransomware attack serves as a stark reminder of the growing threat posed by cybercriminals, particularly those operating in Russia. It highlights the need for organizations, including healthcare providers, to invest in robust cybersecurity measures to protect their systems and data from such attacks.
As the investigation into the attack continues, authorities are urging hospitals and other organizations to remain vigilant and take steps to protect themselves from similar attacks in the future. The ransomware attack on London hospitals is a stark reminder of the need for organizations to prioritize cybersecurity and take proactive measures to safeguard their systems and data.
