Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview. Qilin says Synnovis, a partnership between pathology services company Synlab and two London NHS Trusts, wasn't targeted by accident. …
They’re in it for the money - dressing this up as politically-motivated is purely cynical - maybe it helps the sleep at night? Of course, they’re likely to be acting with impunity under a krisha (Russ: roof, metaphor for protection by someone with ‘influence’) of some kind, but that ain’t politics, it’s just bad actors.
"They’re in it for the money - dressing this up as politically-motivated is purely cynical"
The ONLY reason they're able to operate is that they're closely related to (or paying off) politicians at medium-to-high level
As soon as they touch russian-local infrastructure (even accidentally) they get offed. It's happened a few times
And then what? Extra-judicial executions, or being brought to the UK and given a suspended prison sentence?
The problem is that western governments are weak and incompetent, so Russian authorities see no downside to protecting scumbags like these. Proper sanctions would help - given Ukraine you might think Russia were under sanctions that harm it, but the most recent UK statistics showed that we still did £2.1 billion of trade directly with Russia (and France, Germany and the US have been trading vastly more with Russia, despite pretending they've put sanctions in place).
There shouldn't be ANY trade with Russia at the moment. And a further step the UK government should take would be sanctioning the scummy countries that are acting as middlemen to enable Russia to source sanctioned technology. That doesn't need to be anything like 100% of trade, just sufficient to multiply offset the profits being made by sourcing parts for Russia.
There shouldn't be ANY trade with Russia at the moment.
Erm.. Yes there should. So much conspiracy ideation in this article & comments like this bit-
It operates much like others in Russia have in the past and appears to target Western organizations and not those in countries allied to Russia, which would allow it to maintain its protected status at the Kremlin.
If Russian hackers target Russian organisations, then Russian law enforcement is going to go after them, prosecute them and jail them. If they hack targets outside Russia, how would Russia know? If we want to stop this, there should be trade between LEAs, evidence shared and requests for co-operation. Then there's just the matter of politics, ie extradition requests but hacking is illegal in Russia and hackers could be prosecuted there. If Russia refuses, then there's more grounds to claim 'protected' status. But given all the mud slinging and politics, there isn't really much incentive for Russia to co-operate. People like to try and link stuff like this to 'state sponsored' attacks, without producing any evidence when alternative explanations are much simpler, like attempting to extort $50m.
" it's only little peoples' data that's been lost anyway"
That's not what has happened.
The systems used to process tests and returning results has been targeted and is now inoperable. It uses minimal patient data - in fact it uses keys to anonymise the patient name etc. What has happened is that important tests being conducted around the clock, with results informing medical decisions, are now having to be processed and reported manually. Time consuming at best and limiting throughput.
The real story here is why the hospital DR plans failed to operate.
The reason for these systems failing so badly is that the two key NHS Trusts involved, used each other for their backup - but all used the same single service provider. Most of us would have recognised this potential problem early on.
The good news is that many other NHS Trusts and their laborartory services were about to do down the same route - but are now recalualting the risks. Some good may come from this attack.
Ransoms only result in positive action if the gang concerned want future potential victims to think that paying the ransom will restore services. If the amount concerned were just a bitcoin or two, and it was a broad spectrum attack that was hitting large numbers of victims, that calculation might be worthwhile - the scam only makes significant money if the victims report that paying the ransom worked and lot of other victims decide to pay up too.
In this case it was a specifically targeted attack, and the ransom was set at 50m - that's plenty enough money for a whole crime syndicate to just walk away (or more likely, rebrand and come back later under a different name). Add to that the security services will be highly motivated to try and track down the culprits of this attack, both because of the amount demanded and because of the nature of the target - this is arguably a terrorist attack on critical national infrastructure. If the gang did attempt to follow through on the promise of undoing their hack it would give the security services more opportunity to trace them and even retaliate.
I'd argue that paying a cyber ransom is always a bad bet, but this one was a complete non starter.
The phrasing stood out to me so I did some research and
Back in the day postcards from Russia and Ukraine would say "Wishing you a peaceful sky above your heads."
Very likely this reveals something about the writer's origin. Especially given the only real hacking law in Russia is "never hack Russians".
We choose only those companies whose management is directly or indirectly affiliated with the political elites of a particular country. The politicians of these countries do not keep their word, they promise a lot, but are in no hurry to fulfill their promises.
NK health care system is aligned with the political elite of NK government-of-one, therefore, I challenge them to hit any hospitals in North Korea.
Their statement about 'withholding "high-quality" medicines from other countries while keeping "a peaceful sky" above their own heads' rings hollow
A memento's consideration by the team would have led to the realisation that attacking a hospital pathology service is not getting back at big pharma.
"Without naming any countries or events specifically, and in vaguely incoherent English, they alluded to politicians withholding "high-quality" medicines from other countries while keeping "a peaceful sky" above their own heads."
...
""Qilin was considered a financially-motivated threat actor so political targeting doesn't align with their usual modus operandi," she said. "It is possible that, in this case, the gang decided to mix financial gain with proving a political point. "
This always annoys me. They happily trumpet this this was financial and not political.
I see it as very similar to a strike. When working condition become untenable it can result in a strike where all services stop until there is an agreement made to improve the situation for the workers.
This is that but for the public. The conditions are shockingly bad in public service areas and the public is well aware of the short comings. They are less aware of their data being used, absurd, sold, copied, spread online with no safety considerations and forgotten about with no safety or cold offline storage thought about.
In that case we the public can't strike, so the only viable and likely to get results recourse left is to hold the country to ransom and demonstrate very clearly the all this data is in full public view, ALL THE TIME! Not just when it is made public like this.
Its a awful situation, and one that absolutely should not exist, but we the people have made this not only possible, but the standard for day to day living and its getting worse for us.
It is a horrific way to get it dealt with but also likely the only one that might result in those fat fucks with the huge payrolls and endless kickbacks, that we elected, might actually do something.
Unfortunately it takes aiming for the head to get the body to even twitch.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
