After claiming that one of its partners was responsible for a cyberattack on Canada’s largest paediatric hospital, one of the world’s most known ransomware gangs offered a rare apology. On December 18th, the Hospital for Sick Children (SickKids) in Toronto was the target of a ransomware attack that rendered several of the institution’s vital systems inoperable. Patient wait times increased as a result of the incident. SickKids announced on December 29th that it has restored access to about half of its priority systems, including those that had caused diagnostic and treatment delays.
Security researcher Dominic Alvieri discovered an apology from the LockBit gang for its involvement in the event over the weekend. The group stated that it would supply SickKids with a free decryptor and that it had blocked the “partner” who carried out the hack for breaking the gang’s rules. According to BleepingComputer, the LockBit gang operates a “ransomware-as-a-service” operation. Affiliates of the group conduct the dirty job of locating targets to breach and extort payment from, while the main operation maintains the virus that partners use to lock systems. As part of the deal, the gang takes a 20% cut of all ransom payments. Furthermore, the group asserts that adherents are not permitted to target “medical establishments” when an attack could result in death.