After being hit by the LockBit ransomware-as-a-service (RaaS) apparatus, the Hospital for Sick Children (SickKids) received an unexpected holiday gift: A free decryptor and an apology from the cybercriminal group.

The children's hospital, located in Toronto, announced on Dec. 19 that it had just suffered a cyberattack that precipitated what it termed "Code Grey" — i.e., an internal systems failure. That forced clinicians to "transition to downtime procedures," it said, adding that it nonetheless believed the attack had only "impacted a few internal clinical and corporate systems, as well as some hospital phone lines and webpages."

By Dec. 29, the story was a bit more dire: SickKids admitted that parents and patients were experiencing diagnostic and/or treatment delays — a reality that families should expect to continue, according to an update from the hospital. However, it had managed to restore about half of its affected footprint, it said.

Researcher Dominic Alvieri then tweeted that he had a posting from the LockBit gang's leak site apologizing for the hit, and blaming the attack on a rogue affiliate who was outside of the group's control. LockBit, like many other ransomware bigwigs, rents out its malware to affiliates who carry out the actual attacks in exchange for a 20% cut of the takings.

"We formally apologize for the attack…and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," according to the posting.