This doesn’t happen often, but the infamous ransomware group LockBit has issued a formal apology for a cyberattack on Canada’s largest pediatric medical center. The cartel has even offered the hospital the code to restore the encrypted system.
LockBit, a group the US Federal Bureau of Investigation has called one of the most active and destructive in the cyber world, claims one of its partners was behind a hit on Toronto’s Hospital for Sick Children (SickKids Hospital).
The global ransomware operator said on its data leak site it had blocked the unnamed partner and offered the decryptor to restore the system. This was the first time LockBit had publicly apologized for a cyberattack.
“We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” LockBit’s statement said.
The SickKids hospital soon said it was aware of the statement, stressed that it has not made a ransom payment, and added that it was consulting with experts to validate and assess the decryptor.
The hospital suffered a ransomware attack back on December 18. It delayed lab and imaging results, knocked out phone lines, and shut down the staff payroll system, increasing waiting times for patients.
SickKids now says 60% of its priority systems have since been brought back online, and restoration efforts are "progressing well." However, even if the systems are fully restored with the help of the decryptor, the hospital might also need to rebuild its cybersecurity architecture, and this will take time.
Why the apology, though? The answer is in the fine print of the criminal LockBit operation. It employs the ransomware-as-a-service model, where the operators maintain the encryptors and websites, and the affiliates breach victims' networks, steal data, and encrypt devices.
The LockBit operators keep approximately 20% of all ransom payments – the rest goes to the affiliate. But the group prohibits its affiliates from encrypting medical institutions where attacks could lead to death – this was the case with the SickKids hospital in Toronto.
However, LockBit allows its affiliates to encrypt pharmaceutical companies, dentists, and plastic surgeons.
Since joining the criminal scene around 2020, LockBit has become one of the most prevalent ransomware families. Targets have ranged from big multinationals such as Continental to local governments.
In November, Mikhail Vasiliev, a Russian national and an important LockBit gang member, was arrested in Canada, and the Japanese police, according to the country’s media, have been successfully decrypting networks attacked with the LockBit ransomware.
This could become an important tool to fight cybercrime worldwide as Japan will surely share its methods with investigative agencies in other countries. Still, LockBit has already shown resilience - it keeps releasing new generations of malware.
Pundits think LockBit’s success stems from the group’s ability to combine a business-like approach with specialized technology. LockBit has also opted for a relatively under-the-radar approach, and experts say individual arrests are unlikely to shake the foundations of the cartel because it is well-staffed and decentralized.