Hackers demand $50M ransom payment from UK lab provider following hospital disruption

A Russian hacking group is reportedly demanding a $50 million ransom payment from a U.K. lab services provider following a ransomware attack earlier this month that disrupted hospitals in London.

The hacking group, known as Qilin, targeted Synnovis Group LLP, which provides lab services to hospitals in London under the U.K.'s National Health Service. Someone affiliated with Qilin deployed ransomware on the company's network and then demanded payment for a key to decrypt the locked-up data.

The ransomware attack locked down vital computer systems used to provide blood testing and transfusion services to NHS hospitals and clinics, primarily in South East London. The consequence of the attack was widespread disruptions, with thousands of scheduled operations and appointments canceled as a result.

In some cases, patients requiring critical care have been diverted to other hospitals and some hospitals were reported forced to switch to using handwritten records when dealing with patients. Some two weeks after the initial attack, disruptions are reportedly ongoing.

A representative of the Qilin ransomware group spoke with Bloomberg, saying that they had breached the company and that if their ransom demand was not met, they were preparing to post the data stolen in the attack online. Exactly what data was stolen is not clear, with a spokesperson for Synnovis saying that "the investigation into the attack continues, including any possible impact to data."

Qilin was first linked to the attack on June 5, with Ciaran Martin, former chief executive of the National Cyber Security Centre, called it a "very, very serious incident" and that Qilin had a "two-year history of attacking organizations across the world."

The Russian hacking group has been linked to previous attacks, including one targeting Court Service Victoria, the independent body that runs court services in Victoria, Australia, in December. The attack in that case saw the theft of court recordings and disruptions to court services.

As noted at the time, while Qilin is believed to be Russian, the attack is not necessarily Russian in origin, as the Qilin ransomware is offered on a ransomware-as-a-service basis. This means that an affiliate is likely to have been behind the attack and the Qilin affiliate could have been from anywhere. The same is likely to hold true for the attack on Synnovis that has affected hospital services in the U.K.