The payment demand was made to Synnovis.
A threat actor is demanding $50 million from Synnovis to bring the ransomware attack on the company to an end.
According to Bloomberg, a cohort of Russian-speaking hackers known as Qilin are demanding the payment from the company, which has caused a number of operations to be cancelled.
An spokesperson for the hacker group said the attackers were preparing to post online data stolen in the attack, and had originally set a 120 hour deadline for the payment to be received.
According to a list of alleged victims the gang has published on its website, Qilin has been active since mid-2022 and has targeted more than 100 companies in more than a dozen countries.
The spokesperson for Qilin had exploited a zero day vulnerability to gain access to Synnovis’ computers, although this could not be verified.
Kevin Robertson, COO of Acumen Cyber said that despite Synnovis being a private company, and not a direct part of the NHS, it is not clear what approach it would take.
“This is a huge figure which clearly shows the attackers understand the chaos they are causing to Synnovis and hospitals across London,” he said, pointing out that if Qilin had targeted the NHS directly, this demand would never be met.
“The damage has been on a scale rarely witnessed after a cyber attack, but this does show the real-world consequences of breaches today.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
