LockBit Ransomware Gang Apologizes For SickKids Hospital Attack, Offers Free Decryptor
The group blamed the incident on a partner.
One of the world's most notorious ransomware gangs has issued a rare apology after claiming one of its partners was responsible for a cyberattack on Canada's largest children's hospital. On December 18, the Hospital for Sick Children (SickKids) in Toronto suffered a ransomware attack that blocked the facility from accessing many of its critical systems. The incident resulted in increased patient wait times. As of December 29, SickKids said it had regained access to nearly 50% of its priority systems, including those that had caused diagnostic and treatment delays.
Over the weekend, security researcher Dominic Alvieri spotted an apology from the LockBit gang for their involvement in the incident. The group said it would provide a free decryptor to SickKids and had blocked the "partner" who carried out the attack for breaking gang rules. As BleepingComputer notes, the LockBit group is performing what is called a "ransomware-as-a-service" operation. The organization has affiliates who do the dirty work of finding targets to compromise and extract payment from, while the main operation maintains malware that partners use to lock down systems. As part of this arrangement, the gang takes a 20% cut on all ransom payments. Additionally, the group claims to prohibit affiliates from targeting "medical institutions" where an attack could result in someone's death.
On Sunday, SickKids acknowledged the statement and said it was working with outside security experts to "validate and evaluate the use of the decryptor", adding that it had not made any ransom payments. The hospital also said it recently restored access to about 60% of its priority system. It's unclear why it took the LockBit gang nearly two weeks to offer help to SickKids if the attack was against their code. It should also be noted that the group has a habit of targeting hospitals and not sending them a decryptor. Earlier this year, for example, the group demanded a million dollar ransom from the Center Hospitalier Sud Francilien in France and eventually leaked patient data after the hospital refused to pay.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
The group blamed the incident on a partner.
One of the world's most notorious ransomware gangs has issued a rare apology after claiming one of its partners was responsible for a cyberattack on Canada's largest children's hospital. On December 18, the Hospital for Sick Children (SickKids) in Toronto suffered a ransomware attack that blocked the facility from accessing many of its critical systems. The incident resulted in increased patient wait times. As of December 29, SickKids said it had regained access to nearly 50% of its priority systems, including those that had caused diagnostic and treatment delays.
Over the weekend, security researcher Dominic Alvieri spotted an apology from the LockBit gang for their involvement in the incident. The group said it would provide a free decryptor to SickKids and had blocked the "partner" who carried out the attack for breaking gang rules. As BleepingComputer notes, the LockBit group is performing what is called a "ransomware-as-a-service" operation. The organization has affiliates who do the dirty work of finding targets to compromise and extract payment from, while the main operation maintains malware that partners use to lock down systems. As part of this arrangement, the gang takes a 20% cut on all ransom payments. Additionally, the group claims to prohibit affiliates from targeting "medical institutions" where an attack could result in someone's death.
On Sunday, SickKids acknowledged the statement and said it was working with outside security experts to "validate and evaluate the use of the decryptor", adding that it had not made any ransom payments. The hospital also said it recently restored access to about 60% of its priority system. It's unclear why it took the LockBit gang nearly two weeks to offer help to SickKids if the attack was against their code. It should also be noted that the group has a habit of targeting hospitals and not sending them a decryptor. Earlier this year, for example, the group demanded a million dollar ransom from the Center Hospitalier Sud Francilien in France and eventually leaked patient data after the hospital refused to pay.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
