After claiming that one of its partners was responsible for an assault on Canada’s biggest paediatric hospital, one of the world’s best-known ransomware gangs offered a rare apology. On December 18th, the Hospital for Sick Children (SickKids) in Toronto was the target of a ransomware assault that rendered several of the institution’s vital systems inoperable. Patient wait times increased as a result of the event. SickKids announced on December 29th that it had restored access to about half of its key systems, including those that had caused diagnostic and treatment delays.
SickKids is aware of a statement from a ransomware group offering a decryptor to restore systems impacted by the cybersecurity incident on December 18. Read more: https://t.co/clU1IqK7Qh
— SickKids_TheHospital (@SickKidsNews) January 1, 2023
Over the weekend, security researcher Dominic Alvieri discovered an apology from the LockBit group for its role in the event. The organisation said that it would supply SickKids with a free decryptor and that it had barred the “partner” who carried out the hack for breaking the gang’s rules. According to BleepingComputer, the LockBit gang operates a “ransomware-as-a-service” business. Affiliates of the group do the dirty work of locating targets to breach and extort cash from, while the main operation maintains the ransomware that partners use to lock computers. As part of the deal, the gang receives a 20% share of all ransom payments. Furthermore, the organisation asserts that affiliates are not permitted to target “medical institutions” when an assault might result in death.
SickKids confirmed the assertion on Sunday and said it was working with independent security experts to “verify and analyse the usage of the decryptor,” adding that no ransom payments had been made. The hospital also said it had just regained access to around 60% of its priority systems. It’s unclear why the LockBit gang waited almost two weeks to provide assistance to SickKids if the hack violated its code. It’s also worth noting that the gang has a track record of targeting hospitals and failing to provide a decryptor. For example, earlier this year, the gang sought a $1 million ransom from the Centre Hospitalier Sud Francilien in France, and when the hospital refused to pay, the organisation exposed patient data.