The gang behind the LockBit ransomware has apologized for hacking into a Canadian children’s hospital. The criminals also provided a decryptor for free. LockBit has a ‘policy’ not to attack healthcare institutions.
A security researcher spotted the message on LockBit’s website. In it, the hackers write that they ‘formally apologize’ for the attack and that they are offering the decryptor for free. With that decryptor, the hospital can decrypt all networks again. That process will probably still cost a lot of time and money, about which the criminals say nothing. The hackers also say nothing about the data that may have been stolen in the attack. Data theft has become standard in ransomware infections, so that a victim can be extorted twice: once for the decryption key and again with the threat of making the data public. LockBit is a forerunner in this, but the criminals do not write whether they will also delete the data.
LockBit refers to a third party that allegedly hit the children’s hospital. That party is an affiliate that uses LockBit. LockBit operates as ransomware-as-a-service: other criminals can use the service and then pay a percentage of the extortion revenue to the original creators.
The attack in question targeted the Canadian Hospital for Sick Children, which was hit by ransomware on December 18. At the end of the month, the hospital reported that half of its key systems were up and running, including those needed for treatments. At the time, the hospital warned that many treatments would be delayed.
More and more ransomware groups say they adhere to ‘ethical rules’. They often say they do not hit hospitals, even though hospitals often have inadequate security measures and are easy victims. LockBit is at the forefront of this; it is one of the first gangs to come up with that policy. LockBit also imposes those rules on its affiliates. The criminals say in their forum post that they have banned the third party from the affiliate program, but it is unclear whether such a ban is enforced in practice.