Russian hackers behind cyber attack on London hospitals
A Russian cybercrime group called Qilin is responsible for the ransomware attack on numerous major hospitals in London. At least that’s what former chief executive of the National Cyber Security Centre (NCSC) Ciaran Martin claims.
Earlier this week, seven London hospitals, including Guy’s Hospital and St Thomas’ Hospital, fell victim to a severe ransomware attack. The incident had such a crippling effect that tests, operations and other medical treatments had to be canceled. To prevent further spreading of the malicious software, hospital servers were disconnected.
Experts are calling the attack a “critical incident” and a “major IT incident”.
‘Who’s behind the attacks?’ many people wondered. Ciaran Martin, former head of the NCSC, says he has the answer. “We believe it is a Russian group of cybercriminals who call themselves Qilin,” he said on BBC Radio 4’s Today program on Wednesday.
“These criminal groups operate freely from within Russia. They give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organizations across the world,” Martin continues.
He points out Qilin has attacked automotive companies, Australian courts and targets in the United Kingdom. “They’re simply looking for money,” he mentions.
Investigation is still ongoing
According to the NCSC’s former director, there are two types of ransomware attacks. “One is when they steal a load of data and they try to extort you into paying so that it isn't released.”
“But this case is different. It’s the more serious type of ransomware where the system just doesn’t work,” Martin continues. Restoring the hospitals’ services is currently the highest priority.
The NCSC is investigating the impact of the ransomware attack along with National Health Services (NHS) officials. IT service provider Synnovis said the incident has been reported to the police and the Information Commissioner’s Office (ICO), UK’s privacy and data protection authority.
This is what we know about Qilin
Qilin is a hacker collective that has been active since October 2022. The group operates as a ‘Ransomware-as-a-Service’ approach, meaning affiliates can use hacker tools and infrastructure in exchange for a piece of the pie, which is roughly 15 to 20 percent of all illicit revenues.
The group claims to be responsible for more than fifty hacks in the past four months. “Its attacks tend to be opportunistic rather than targeted,” a spokesperson from cybersecurity firm Secureworks tells The Guardian.
He adds: “In total, there have been 112 organizations posted to their site, and although information technology companies lead the way in terms of impacted industries, they have attacked organizations across a wide range of sectors.”
Your email address will not be published. Required fields are marked