Qilin Ransomware: Analyzing the threat that hit London Hospitals

The hospitals affected were unable to access the records for blood stocks, so had to make an emergency appeal for O -ive donors to donated asap. This was serious.

zetectic

it's concerning that people find it in any volume interesting, fun, or important to hijack hospitals with ransomware.

totallyoriginal

Congrats on the 500K subscribers. It is well deserved and earned.

rjjeffreys

Yeah I can confirm that this attack wasn’t just in the UK, but this attack happened also to hospitals in Sweden

Aloha_XERO

Hospitals need to have physical information along side the digital, they cant rely on systems/networks. Theres need to have a backup for these types of cases.

fernandohg

Looking forward to seeing your testing with all major AV/EDR vendors. Crowdstrike is the leader these days, so looking forward to seeing the results from that solution.

davidc

Great video as always. I have to say though that after the latest MalwareBytes update I have been bombarded with popups from it. A video to disable those would be nice, as I had to dig around quite a bit to kill them. I dont like needless pop up messages .

RogueDK

I haven't done pen testing in almost 20 years, because I pivoted to becoming a programmer instead. But why don't you just hook and check if each application is trying to poll all files on the disk, and then see if they are trying to read in specific files like TXT, PDF, etc. Surely it can't be too hard to heuristically determine cryptolockers.

girreturns

Brilliant video. Looking forward to the new Cyber content.

psx

So if the data is in a DVD Disk there is zero chance to encrypt the data xD

wolfbrave

It may not have impacted 'ER' as you put it, but:
"In total, 1, 134 elective surgeries have been postponed as a result of Qilin's attack on Synnovis, which began June 4, and 2, 194 outpatient appointments have also been pushed back.

The NHS's previous update from June 14, six days prior to its most recent one, stated that around 1, 500 surgeries and appointments had been delayed. That was a combined figure, it should be noted, one that has more than doubled in less than a week."

The real story here is why the hospital Disaster Recovery plans failed to operate.

The reason for these systems failing so badly is that the two key NHS Trusts involved, used each other for their backup - but all used the same single service provider. Most of us would have recognised this potential problem early on.

The good news is that many other NHS Trusts and their laborartory services were about to go down the same route - but are now recalualting the risks. Some good may come from this attack.

MashLimit

In my opinion, the security issue lies in the lack of adequate data integrity monitoring and systems based on data classification.

sandmanmoderngamer

Second. This sample also attacked Serbia

Kokomilenkoski

Very interesting, and thank you for explaining

LeonEdwinsHeart

Is it actually called as killin or chillin instead?

Rajorsi

How can I get the builder I want to test it too

EmzyWoo-kmgx

Can you do a review for the ransomware that took down Change Healthcare in the US?

niazmehedi

Thanks for another interesting insight into the world of low life Scammers and Hackers

johnbear

Can you do some videos on encryption and testing different options? And actually testing it if possible?

aussiegruber

What about Black Basta? have you made a video yet?

LAZERSW