The Russian-speaking cybercrime gang said an affiliate violated its rules against attacks that could lead to bodily harm for medical patients.
January 3, 2023
After being hit by the LockBit ransomware-as-a-service (RaaS) apparatus, the Hospital for Sick Children (SickKids) received an unexpected holiday gift: A free decryptor and an apology from the cybercriminal group.
The children's hospital, located in Toronto, announced on Dec. 19 that it had just suffered a cyberattack that precipitated what it termed "Code Grey" — i.e., an internal systems failure. That forced clinicians to "transition to downtime procedures," it said, adding that it nonetheless believed the attack had only "impacted a few internal clinical and corporate systems, as well as some hospital phone lines and webpages."
By Dec. 29, the story was a bit more dire: SickKids admitted that parents and patients were experiencing diagnostic and/or treatment delays — a reality that families should expect to continue, according to an update from the hospital. However, it had managed to restore about half of its affected footprint, it said.
Researcher Dominic Alvieri then tweeted that he had a posting from the LockBit gang's leak site apologizing for the hit, and blaming the attack on a rogue affiliate who was outside of the group's control. LockBit, like many other ransomware bigwigs, rents out its malware to affiliates who carry out the actual attacks in exchange for a 20% cut of the takings.
"We formally apologize for the attack…and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," according to the posting.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024