One of the world’s best-known ransomware gangs has offered a rare apology after claiming that one of its partners was responsible for a cyberattack on Canada’s largest paediatric hospital. On December 18th, the Hospital for Sick Children (SickKids) in Toronto was the target of a ransomware attack that rendered several of the institution’s vital systems inoperable. Patient wait times increased as a result of the incident. SickKids announced on December 29th that it had restored access to about half of its priority systems, including those that had caused diagnostic and treatment delays.
Over the weekend, security researcher Dominic Alvieri discovered an apology from the LockBit gang for its involvement in the incident. The group stated that it would supply SickKids with a free decryptor and that it had blocked the “partner” who carried out the hack for breaking the gang’s rules. According to BleepingComputer, the LockBit gang runs a “ransomware-as-a-service” operation. Affiliates of the group do the dirty work of locating targets to breach and extorting payment from them, while the main operation maintains the ransomware that partners use to lock systems. As part of the deal, the gang takes a 20% cut of all ransom payments. Furthermore, the group asserts that affiliates are not permitted to target “medical establishments” when an attack could result in death.
SickKids is aware of a statement from a ransomware group offering a decryptor to restore systems impacted by the cybersecurity incident on December 18. Read more: https://t.co/clU1IqK7Qh pic.twitter.com/H9S4ERgih7
— SickKids_TheHospital (@SickKidsNews) January 1, 2023
SickKids acknowledged the assertion on Sunday and said it was working with outside security experts to “verify and assess the use of the decryptor,” adding that no ransom payments had been received. The hospital also stated that it had recently regained access to roughly 60% of its priority systems. It’s unclear why the LockBit gang waited nearly two weeks to offer assistance to SickKids if the attack violated its code. It’s also worth noting that the gang has a track record of targeting hospitals and failing to deliver a decryptor. For example, earlier this year, the gang demanded a $1 million ransom from the Centre Hospitalier Sud Francilien in France, and after the hospital refused to pay, the group leaked patient data.