A Russian cyber gang is believed to be behind the ransomware attack that hit London hospitals

LONDON – A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to the cancellation of surgeries and appointments, a former British cybersecurity chief said Wednesday.

A group known as Qilin is most likely behind the attack on Synnovis, which provides pathology laboratory services to several National Health Service-run hospitals, said Ciaran Martin, former chief executive of the National Cybersecurity Center.

Martin said it was one of the more serious ransomware attacks in the UK because it rendered it inoperable.

“It’s a more serious type of ransomware where the system just doesn’t work,” Martin told BBC Radio 4. “If you work in healthcare in this trust, you just don’t get the results, so it’s really disruptive. “

The NHS said Monday’s incident affected King’s College and Guy’s and St Thomas’ hospital trusts, which run several hospitals in south London as well as clinics and GP surgeries across much of the city.

A memo to staff called it a “critical incident” and said it had had a “major impact” on services, particularly blood transfusions. Procedures and surgeries have been canceled or redirected elsewhere.

The incident was reported to the police.

Synnovis Chief Executive Mark Dollar said Tuesday he was still trying to understand what happened. The company made no further comments on Wednesday.

Ransomware is when criminals paralyze computer systems with malware and then demand money to release them. Ransomware is the costliest and most destructive form of cybercrime, attacking local governments, courts, hospitals and schools, as well as enterprises. It is difficult to combat it because most gangs are based in former Soviet states and beyond the reach of Western justice.

The UK’s state-funded healthcare system has already come under attack, including during a 2017 ransomware attack that caused computers in hospitals across the country to freeze, wards and emergency rooms to close, and treatment to be suspended.

Qilin, also known as Agenda, advertises on cybercrime forums on the dark web and leases malware to affiliates who use it to launch attacks in exchange for a set amount of ransom, said Louise Ferrett of Searchlight Cyber, a threat research firm. The group named more than 100 victims.