Qilin: What we know about the Russian gang behind London hospital cyber attack
Qilin has previously targeted publishing and social enterprise group the Big Issue Group
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A Russian group of cyber criminals known as Qilin are said to be behind a cyber attack that impacted major London hospitals.
Pathology services provider Synnovis, a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, was targeted on Monday, June 3.
The attack on pathology services firm Synnovis has led to a “severe reduction in capacity”.
Hospitals declared a critical incident and have cancelled operations and tests, and been unable to carry out blood transfusions.
Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and the Evelina London Children’s Hospital) and primary care services in the capital said there had been a “major IT incident”.
Sources told The Independent on Tuesday hospitals have had to cancel major operations such as transplants, and were facing big delays in turning around emergency tests in A&E.
The ransomware attack has led to hospitals cancelling operations and tests and being unable to carry out blood transfusions.
But who are Qilin?
Qilin is understood to be a Russian cyber gang that runs a ransomware-as-a-service model.
They operate using websites on the dark web, according to Ciaran Martin, the former chief executive of the National Cyber Security Centre.
He said the group has a two-year history of attacking organisations across the world.
What is ransomware?
Ransomware is a type of malware. In some cases, hackers use it to bring down systems and prevent users from accessing their devices or the data stored on them, usually by encrypting it. They will then demand money to decrypt the files.
However, Mr Martin claims Qilin’s attack on Synnovis is “more serious” as it has led to systems not working.
He added that it is “really one of the more serious that we’ve seen in this country”.
What other attacks is Qilin thought to be behind?
According to Mr Martin, Qilin has previously targeted publishing and social enterprise group the Big Issue Group.
Reports by Computer Weekly in March suggest the hackers claimed an attack during which the company’s IT systems were broken into and confidential data was stolen.
This included information on staff, such as addresses, passport scans and payroll information.
At the time, Paul Cheal, group chief executive of the Big Issue Group, confirmed some of the data had been posted on the dark web.
In January, reports in Australia suggested Qilin had hacked the systems used by courts in the state of Victoria.
Hackers allegedly gained access to recordings of hearings that occurred between November and December.
Qilin also claimed an attack on Yanfeng Automotive Interiors, a major supplier of car parts headquartered in China, last year.
The files stolen included financial documents, non-disclosure agreements, quotation files and technical data sheets, according to cybersecurity news site Bleeping Computer.
The attack had a knock-on effect on car maker Stellantis, which gets seating and interior components, including electronics, from Yanfeng.
It is understood production was halted at the car maker’s North American plants for the period of time as a result.
How has Synnovis and the NHS responded to the attack?
Some operations and procedures across the hospitals were cancelled or redirected to other providers.
NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack, while Synnovis said it has been reported to law enforcement and the Information Commissioner.
If a ransom is demanded, will the hackers be paid?
The Government has a policy of not paying hackers, Mr Martin said, although the company impacted would be free to pay the ransom if it chose to.