Jump to content
  • Ransomware gang apologizes, gives SickKids hospital free decryptor

    alf9872000

    • 433 views
    • 3 minutes
     Share


    • 433 views
    • 3 minutes

    The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization.

     

    SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.

     

    On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website.

     

    While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

     

    On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays.

    LockBit gang apologizes for attack

    As first noted by threat intelligence researcher Dominic Alvieri, two days after SickKids' latest announcement, the LockBit ransomware gang apologized for the attack on the hospital and released a decryptor for free.

     

    "We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," stated the ransomware gang.

     

    BleepingComputer has confirmed that this file is available for free and claims to be a Linux/VMware ESXi decryptor. As there is no additional Windows decryptor, it indicates that the attacker could only encrypt virtual machines on the hospital's network.

     

    lockbit-site.jpg
    Apology to SickKids on the LockBit data leak site
    Source: BleepingComputer
     

    The LockBit operation runs as a Ransomware-as-a-Service, where the operators maintain the encryptors and websites, and the operation's affiliates, or members, breach victims' networks, steal data, and encrypt devices.

     

    As part of this arrangement, the LockBit operators keep approximately 20% of all ransom payments and the rest goes to the affiliate.

     

    While the ransomware operation allows its affiliates to encrypt pharmaceutical companies, dentists, and plastic surgeons, it prohibits its affiliates from encrypting "medical institutions" where attacks could lead to death.

     

    "It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed," explains the ransomware operation's policies.

     

    The stealing of data from any medical institution is allowed per the policies.

     

    According to the ransomware gang, as one of its affiliates encrypted the hospital's devices, they were removed from the operation, and a decryptor was offered for free.

     

    However, this does not explain why LockBit did not provide a decryptor sooner, with patient care being impacted and SickKids working to restore operations since the 18th.

     

    Furthermore, LockBit has a history of encrypting hospitals and not providing encryptors, as was seen in its attack against the Center Hospitalier Sud Francilien (CHSF) in France, where a $10 million ransom was demanded, and patient data eventually leaked.

     

    The attack on the French hospital led to referring patients to other medical centers and postponing surgeries, which could have led to significant risk to patients.

     

    BleepingComputer had contacted LockBit at the time to understand why they were demanding a ransom from CHSF, even though it was against policies, but never received a response.

     

    This is not the first time a ransomware gang has provided a free decryptor to a healthcare organization.

     

    In May 2021, the Conti Ransomware operation provided a free decryptor to Ireland’s national health service, the HSE, after facing increased pressure from international law enforcement.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...