Skip to content

Qilin demands $50 million ransom from Synnovis for decryption key

  • by
  • 3 min read

A group of Russian-speaking ransomware hackers, known as Qilin, have demanded $50 million from Synnovis, a UK-based pathology services provider. The cyber assault, which happened on June 4, has severely disrupted services at multiple hospitals in London, leading to a crisis that has persisted for several weeks.

Through a representative, the Qilin group confirmed that they had breached Synnovis and demanded the ransom in exchange for the decryption code necessary to unlock the affected computers, confirmed Bloomberg.

The group has also threatened to post stolen data online, further pressuring SYnnovis. According to the representative, the hackers exploited a previously unknown zero-day security vulnerability to infiltrate Synnovis’s systems.

The hackers have also issued a 120-hour deadline for the ransom payment, after which they ceased communication with Synnovis, citing non-payment. While expressing regret for the inconvenience caused to the patients, the representative controversially justified the attack as retaliation against the British government’s involvement in unspecified wars.

Synnovis publicly acknowledged the attack on June 4. The attack crippled essential computer systems used to provide critical blood-testing and transfusion services to National Health Service (NHS) hospitals and clinics, primarily in South East London.

Illustration: JMiks | Shutterstock
Hospitals and other health service providers are primary targets of ransomware gangs. | Illustration: JMiks | Shutterstock

In a statement, a company spokesperson assured that an investigation into the attack is ongoing. The focus is on understanding the breach’s extent and potential data impacts. The company has pledged to inform regulators and affected individuals as more information becomes available.

The hackers have encrypted vital systems, making it impossible for medical staff to access necessary data. This has forced doctors and nurses to revert to handwritten records, resulting in widespread operational chaos.

In the first week alone, the NHS reported the cancellation of approximately 800 planned surgeries and 700 outpatient appointments. Blood tests were postponed, and at least one hospital called for employee blood donations to address severe shortages. The disruption also led to the rescheduling of cancer treatments and C-section births, and critically ill patients had to be transferred to other facilities.

Ciaran Martin, former chief executive of the UK’s National Cyber Security Centre, identified Qilin as the group behind the attack, highlighting the gang’s notoriety. Qilin, active since 2022, has targeted over 100 companies across a dozen countries, using ransomware to lock down systems and steal sensitive data.

Recently, 18 hospitals in Romania were targeted in a ransomware attack. The health sector has been a primary target for cyber crooks for a long time now. The ramifications of these breaches affect patients’ security and privacy and sometimes lead to life-or-death situations.

In the News: Pakistani threat actors use Discord emojis to spy on Indian government agencies

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: