Lockbit reaches new lows by targeting an IDD clinic


The prolific ransomware gang Lockbit likely breached support service for children with intellectual and developmental disabilities (IDD).

The Arc of Essex County, a New Jersey-based organization for children with IDD, has appeared on Lockbit’s blog, an underground website the gang uses to post its victims.

The countdown clock implies that the organization’s data will be made public if the Arc of Essex County doesn’t pay ransom until February 26.

Lockbit breach
Victim posted on the gang‘s leak site. Image by Cybernews.

The tactic criminals use is dubbed ‘double extortion.’ Not only are victims robbed of their data, but they’re also threatened with it being made public if the ransom demands are not met.

The Arc of Essex County is an organization that “provides advocacy and services empowering individuals with intellectual and developmental disabilities and their families.”

We have reached out to the supposedly breached organization but did not immediately receive a reply.

While expecting decency from ransomware gangs is not advised, Lockbit tries to maintain an illusion of ethical behavior and a business-only approach.

For example, after a gang’s affiliate hit Canada’s largest children’s hospital, the Hospital for Sick Children, last year, Lockbit issued an apology and provided the decryptor for free.

Researchers pointed out that the gang has a policy stating that attacks on medical institutions, which could lead to patients’ deaths, are unacceptable. Avoiding such incidents helps Lockbit to limit law enforcement interest in it.

Last year Lockbit ransomware edged to the title of the most prevalent ransomware strain. The gang fiercely competes with other crime syndicates for talent, playing it dirty if necessary.

Researchers link the gang with other notorious and mostly Russia-based cybergangs such as Conti and its successor BlackBasta, DarkSide and its successors BlackMatter, BlackCat/ALPHV, and Fin7 cybercriminal group.

Recently, the gang was suspected to being behind an attack on a key software supplier Ion that has caused severe disruption for trading in the City of London.