Synnovis Ransomware Attack: Expert Commentary

Date: 2024-06-06

June 2024 by Dmitry Sotnikov, Chief Product Officer at Cayosoft

There’s an alarming trend of ransomware attacks targeting healthcare, the most notable target this week being Synnovis, which provides pathology lab services for several hospitals in the UK. The commentary below is from Dmitry Sotnikov, Chief Product Officer at Cayosoft. Given the severity of the attack, Dmitry provides insight into what’s possibly going on behind the curtain and addresses the growing trend of ransomware attacks against healthcare providers:

"The attack on Synnovis is part of a deeply troubling trend we’ve observed in the healthcare industry over the last few years. According to the US Director of National Intelligence, ransomware attacks targeting healthcare providers nearly doubled in 2023, from 214 worldwide in 2022 to 389 in 2023. US healthcare providers have been disproportionately affected, rising from 113 in 2022 to 258 last year.

The cybercrime group Qilin, the suspected perpetrator of this attack, is effectively bargaining innocent lives for financial gain. This is a particularly serious ransomware attack because it has disabled Synnovis’ operations. Based on that observation and earlier history, it’s likely that Qilin got into the network via phishing emails sent to employees, then exploited a lack of Active Directory controls for reconnaissance, privilege elevations, and lateral spread, and finally proceeded by encrypting application and data servers, while also stealing data for subsequent double extortion demands. If that’s the case, the fast recovery of Synnovis’ Active Directory, which enables many core healthcare operations systems, is imperative. Once the directory is back and cleaned up from backdoors left by the criminals, the company can proceed by restoring other applications and data stores from their backups."