Too bad the hackers can’t be recruited to return the chaos. Russian cybercriminals and Western hackers are banding together to launch more sophisticated and devastating ransomware attacks, putting America’s critical infrastructure and businesses at unprecedented risk. Qilin, a Russian hacker group, recently targeted major London hospitals, resulting in critical incidents and cancelled operations. Russian ransomware gangs operate with impunity as long as they don’t target Russian entities.
Major London Hospitals Crippled by Russian Hackers
Russian hackers identified as the Qilin group executed a devastating cyberattack on London hospitals by targeting Synnovis, a pathology services firm critical for blood transfusions and test results. The attack resulted in hospitals declaring a critical incident, with cancelled operations and diverted emergency patients affecting King’s College Hospital, Guy’s and St. Thomas’, the Royal Brompton, and the Evelina London Children’s Hospital. NHS London was forced to launch a “cyber incident response team” to minimize the disruption while following the British government’s strict policy of refusing to pay ransoms.
It is believed a Russian group of cyber criminals who call themselves Qilin. They’re simply looking for money. It’s the more serious type of ransomware where the system just doesn’t work.
Russian Government Hackers Caught Buying Passwords from Cybercriminals
Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks. https://t.co/jL2X4hUKxx
— Karol Cummins – New Acct (@karolcummins) May 29, 2025
Global Crackdown on Russian-Led Cybercrime Networks
European and North American cybercrime investigators have recently dismantled a Russian-led malware operation, issuing arrest warrants for 20 suspects primarily residing in Russia. The operation specifically targeted the Qakbot and Danabot malware networks, with public appeals released to track down 18 suspects involved with Qakbot and Trickbot. Among the major targets is Vitalii Nikolayevich Kovalev, a suspect linked to the Conti ransomware group who is considered one of the most successful cybercriminals and is believed to be living in Moscow with a crypto wallet worth approximately €1 billion.
German authorities initiated Operation Endgame in 2022, focusing on cybercriminal activities that particularly targeted US hospitals during the Covid pandemic. Despite these efforts, the collaboration between Russian cybercriminals and Western hackers continues to evolve and present new challenges to law enforcement agencies worldwide.
Cybersecurity investigators worry ransomware attacks may worsen as young, Western hackers work with Russians https://t.co/G2toBiIuQw pic.twitter.com/FFJYzwZEY1
— Shring Technologies (@ShringTech) June 2, 2025
Las Vegas Casino Attack: A Warning Sign
A September 2023 attack on MGM Resorts demonstrated the growing severity of these collaborative ransomware operations. The attack cost the company over $100 million and severely disrupted operations at major Las Vegas hotels and casinos. The attack was executed through social engineering by a group called “Scattered Spider,” consisting of young English-speaking hackers suspected of collaborating with Russian ransomware gangs like BlackCat. MGM refused to pay the $30 million ransom demand, resulting in massive financial losses, while competitor Caesars opted to pay a similar ransom to avoid disruptions.
“Incredibly, when it happened, I was in an MGM property, and it happened while we were having dinner, and there just began to be a rumbling that something was going on. When I went down into the casino, I could see then that slot machines were sitting dark and people were scrambling around. The shutdown was starting to take effect.” Anthony Curtis
The Dangerous New Alliance
The collaboration between Russian cybercriminals and Western hackers represents a significant evolution in the ransomware threat landscape. Young, native-English-speaking hackers from the United States, United Kingdom, and Canada bring valuable social engineering skills and cultural knowledge that make their phishing attempts and impersonation tactics more convincing to Western targets. Meanwhile, Russian hackers contribute sophisticated malware tools, infrastructure, and operational security expertise developed over years of operating with relative impunity in Russia.
The National Security Agency has increased efforts to combat these evolving threats, deploying its own hackers to identify and counteract cybercriminals. Despite some successes, including the arrest of a 19-year-old linked to Scattered Spider, the threat continues to grow. Cybersecurity experts warn that Las Vegas casino attacks may just be the beginning, as these collaborative hacker groups target increasingly critical infrastructure and essential services across America and allied nations.