Header image

Attackers Request $50 Million to End NHS Ransomware

The payment demand was made to Synnovis.

A threat actor is demanding $50 million from Synnovis to bring the ransomware attack on the company to an end.

According to Bloomberg, a cohort of Russian-speaking hackers known as Qilin are demanding the payment from the company, which has caused a number of operations to be cancelled.

An spokesperson for the hacker group said the attackers were preparing to post online data stolen in the attack, and had originally set a 120 hour deadline for the payment to be received.

According to a list of alleged victims the gang has published on its website, Qilin has been active since mid-2022 and has targeted more than 100 companies in more than a dozen countries.

The spokesperson for Qilin had exploited a zero day vulnerability to gain access to Synnovis’ computers, although this could not be verified.

Kevin Robertson, COO of Acumen Cyber said that despite Synnovis being a private company, and not a direct part of the NHS, it is not clear what approach it would take.

“This is a huge figure which clearly shows the attackers understand the chaos they are causing to Synnovis and hospitals across London,” he said, pointing out that if Qilin had targeted the NHS directly, this demand would never be met.

“The damage has been on a scale rarely witnessed after a cyber attack, but this does show the real-world consequences of breaches today.”


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

08
Aug
Webinar

How to Automate the Lifecycle of Joiners, Movers, and Leavers With No-Code Solutions

Streamlining the lifecycle of joiners, movers, and leavers using no-code automation

The process of onboarding new employees and quickly removing departing staff profiles can be both time-consuming and labour-intensive.
In this live webinar, we will look at how to streamline these processes to save time and resources, and providing a smooth experience for both admins and employees.

Key takeaways:
  • Understanding the importance of securing the joiners, movers and leavers process
  • Exploring successful attacks that occurred due to errors in managing these transitions
  • Discover which advanced controls can be utilized
image image image