Notorious criminal hacking collective Lockbit has issued an apology after one of its members attacked a children’s hospital. The institution was provided with a decryption key.
Not everything is allowed to criminals. On December 31st, the Lockbit hacker collective issued its first official apology for the attack on the Toronto Hospital for Sick Children (SickKids). “The partner who attacked this establishment violated our rules, was blocked and is no longer participating in our affiliate program,” you can read on the team’s dark web site.
The group goes beyond a simple “sorry” and offers the hospital a tool to decrypt all of their data. On December 29, the hospital said in a press release that “nearly 50% of priority systems have been restored. However, patients and their families should be prepared for possible delays, and work continues to restore the functionality of all systems.” After a ransomware attack, the files are locked and the victim will only receive the key if they pay the required ransom.
Apologies to Lockbit on their Darknet site. // Source: Numerama
Note that the cyberattack occurred on December 18. we do not know how long it took the team to respond and provide a solution to the hospital center. In addition, Locbkit places the responsibility for the attack on the partner. It should be understood that the group operates like a software rental company: ransomware is rented out, and users, pre-screened by managers, pay a commission on the income associated with the ransom. Lockbit administrators earn about 20% of every amount paid to hackers.
“Typically, all the media singles out the ransomware group as a big culprit, while affiliates are the most likely to carry out attacks,” said Martin Zugek, director of technical solutions at Bit Defender.
In its bylaws, Lockbit states: “It is prohibited to encrypt facilities where file corruption could be lethal, such as cardiac centers, neurosurgery departments, maternity hospitals, and the like, i.e. institutions where surgical procedures on high-tech equipment using computers can be performed.”
However, it was their ransomware that hit and paralyzed the Corbeil-Essonne hospital last August. The collective did not provide any justification for this attack.
This is not the first time the hacker group has publicly apologized. In May 2021, the Conti Ransomware provided the decryptor to the Irish National Health Service after pressure from international law enforcement. Lockbit may have reacted to the attack on the children’s hospital to prevent governments from stepping up investigations against them. Their reputation is also at stake, because in the event of a group attack on hospitals, “ordinary” victims would potentially be less likely to pay ransoms to the collective responsible for the deaths of children.
Not all gangs have the same honor code. Vice Society does not hesitate to strike at medical facilities and has already attacked a maternity hospital in France. In total, about a dozen hospitals were attacked in 2022.