Who are the Russian cyber gang Qilin?

A Russian group of cyber criminals known as Qilin were behind a cyber attack that impacted major London hospitals.

Pathology services provider Synnovis, a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, was targeted on Monday, June 3.

The ransomware attack has led to hospitals cancelling operations and tests and being unable to carry out blood transfusions.

But who are Qilin?

Qilin is a Russian cyber gang that runs a ransomware-as-a-service model.

They operate using websites on the dark web, and have a two-year history of attacking organisations across the world.

What is ransomware?

Ransomware is a type of malware. In some cases, hackers use it to bring down systems and prevent users from accessing their devices or the data stored on them, usually by encrypting it.

They will then demand money to decrypt the files.

What other attacks is Qilin thought to be behind?

Qilin has previously targeted publishing and social enterprise group the Big Issue Group.

Reports by Computer Weekly in March suggest the hackers claimed an attack during which the company’s IT systems were broken into and confidential data was stolen.

This included information on staff, such as addresses, passport scans and payroll information.

At the time, Paul Cheal, group chief executive of the Big Issue Group, confirmed some of the data had been posted on the dark web.

In January, reports in Australia suggested Qilin had hacked the systems used by courts in the state of Victoria.

Hackers allegedly gained access to recordings of hearings that occurred between November and December.

Qilin also claimed an attack on Yanfeng Automotive Interiors, a major supplier of car parts headquartered in China, last year.

The files stolen included financial documents, non-disclosure agreements, quotation files and technical data sheets, according to cybersecurity news site Bleeping Computer.

The attack had a knock-on effect on car maker Stellantis, which gets seating and interior components, including electronics, from Yanfeng.

It is understood production was halted at the car maker’s North American plants for a period of time as a result.

How have Synnovis and the NHS responded to the attack?

Some operations and procedures across the hospitals were cancelled or redirected to other providers.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack, while Synnovis said the incident has been reported to law enforcement and the Information Commissioner.

If a ransom is demanded, will the hackers be paid?

It is understood the Government has a policy of not paying hackers, although the company impacted would be free to pay the ransom if it chose to.