Security researcher Dominic Alvieri discovered an apology from the LockBit group for their role in the event over the weekend. The organisation said that it would supply SickKids with a free decryptor and that it had barred the “partner” who carried out the hack from breaking the gang’s rules. According to BleepingComputer, the LockBit gang operates a “ransomware-as-a-service” business. Affiliates of the group conduct the dirty job of locating targets to breach and extort cash from, while the main operation maintains the virus that partners use to lock computers. As part of the deal, the gang receives a 20% share of all ransom payments. Furthermore, the organisation asserts that adherents are not permitted to target “medical institutions” when an assault might result in death.
SickKids confirmed the assertion on Sunday and said it was working with independent security experts to “verify and analyse the usage of the decryptor,” adding that no ransom payments had been received. The hospital also said it has just regained access to around 60% of its priority system. It’s unclear why the LockBit gang waited almost two weeks to provide assistance to SickKids if the hack violated its code. It’s also worth noting that the gang has a track record of targeting hospitals and failing to provide a decryptor. For example, earlier this year, the gang sought a $1 million ransom from the Center Hospitalier Sud Francilien in France, and when the hospital refused to pay, the organisation exposed patient data.
