London Healthcare Still Paralyzed by Synnovis Ransomware Attack

The healthcare sector has once again found itself in the crosshairs of ruthless ransomware groups.

Synnovis, a key provider of laboratory and diagnostic services in London, fell victim to a debilitating ransomware attack, causing widespread disruptions and putting the city's healthcare services in a state of critical alert.

Anatomy of the Attack

While concrete details remain scant, the ramifications are palpable. Synnovis, integral to the functioning of several London hospitals, experienced a massive system shutdown.  

This attack has cascaded, impacting the timely delivery of healthcare services and leaving patients and healthcare providers in a precarious situation.

The attack has been attributed to Qilin. The group, also known as Agenda, is a ransomware-as-a-service (RaaS) operation that first emerged in July 2022.

The Perpetrators

According to the quarterly Power Rankings: Ransomware Malicious Quartile Q1-2024 report, Qilin is a notable threat actor in the ransomware ecosystem, written in both Go and Rust programming languages, making it versatile in targeting both Windows and Linux systems.  

The group offers a generous profit-sharing model designed to attract skilled affiliates capable of executing significant attacks—a model that has positioned them as a notable threat in the ransomware landscape.

Its RaaS platform offers multiple encryption techniques, providing operators with several configuration options for conducting attacks.

This flexibility in their attack methods and the use of advanced programming languages like Rust contribute to their ability to evade security measures and enhance their platform continuously.  

Qilin also maintains a leaks site for double extortion, threatening to expose sensitive data if victims do not comply with ransom demands.

Recent Attack Patterns

Qilin is known for exploiting vulnerable applications, including Remote Desktop Protocol (RDP).  

The group's attack volume has been modest compared to leading ransomware operators but is expected to increase due to their focus on developing a highly profitable RaaS platform.  

The group employs double extortion techniques, which include data exfiltration and the threat of exposing or selling the data if ransom demands are not met.  

Their ransom demands are typically in the millions of dollars, and their affiliates receive a higher percentage of the ransom than with some other high-profile ransomware groups.

Qilin targets a wide array of industries, including healthcare, education, manufacturing, retail, IT, hospitality, pharma, construction, and the public sector.  

The group is particularly assessed to be a "big game hunter," selecting targets capable of paying large ransom demands. This strategic targeting includes industries with sensitive and high-value data, such as healthcare and education.

Navigating the Uncertainty

The fallout from the Synnovis attack is extensive. Hospitals dependent on Synnovis for diagnostic services are grappling with delays and disruptions.

Critical lab results are postponed, surgeries are rescheduled, and the overall quality of patient care is compromised.  

The situation has forced London’s healthcare providers to declare a critical incident, a move that underscores the severity of the disruption.

In the face of this crisis, healthcare providers and cybersecurity experts are working round the clock to mitigate the damage. The primary focus is on restoring services and ensuring patient safety.  

Meanwhile, investigations continue to identify the perpetrators and understand the full scope of the attack.

Persistent Threat

The ransomware attack on Synnovis underscores the critical need for awareness of active ransomware threats and enhanced cybersecurity measures within the healthcare sector.  

As cyber threats continue to evolve, healthcare providers must adopt robust security protocols to protect sensitive patient data and ensure the continuity of essential services.

The ongoing investigation will hopefully shed more light on the perpetrators and provide valuable insights to prevent future attacks.

By understanding the tactics and motivations of ransomware groups like Qulin , organizations can better prepare and defend against such sophisticated threats.  

To learn more about the tools and tactics used by Qilin , as well as other prominent ransomware groups, check out the Halcyon Power Rankings: Ransomware Malicious Quartile Q1-2024 report.

‍

Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.