UK Cybersecurity Reform Urged After Qilin Ransomware Attack

Severity: Medium (Score: 51.8)

Sources: Rusi, My.Rusi

Summary

In June 2024, the Russian ransomware group Qilin attacked Synnovis, a pathology services provider for NHS hospitals in south London, resulting in the cancellation of over 800 operations and delays for thousands of appointments. The attack highlighted the limitations of the UK's Computer Misuse Act (CMA), which prevents private firms from taking offensive actions against cyber threats despite their ability to identify and track such threats. Private threat intelligence firms quickly identified Qilin's infrastructure but were unable to disrupt it due to legal restrictions. The CMA, established in 1990, does not differentiate between malicious hacking and legitimate security research, creating a chilling effect on cybersecurity efforts. Efforts to reform the CMA have been stalled by government inaction, despite calls from industry leaders and stakeholders. A statutory defense for defensive activities is being discussed, but offensive operations remain restricted to state actors. The urgency for reform is underscored by the growing frequency of cyberattacks and the need for proactive measures. Key Points: • The Qilin ransomware attack in June 2024 disrupted NHS services significantly. • Private firms lack legal authority to disrupt cyber threats under the Computer Misuse Act. • Calls for reform of the CMA have been ongoing, but government action remains delayed.

Key Entities

• Ransomware (attack_type)
• CyberUp Campaign (campaign)
• Synnovis (ransomware_group)
• Qilin (ransomware_group)
• China (country)
• France (country)
• Iran (country)
• Russia (country)
• United States (country)
• Government (industry)
• T1071 - Application Layer Protocol (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)