Ransomware gang LockBit apologises for SickKids ransomware attack
And who said criminals have no hearts? Notorious cybercrime gang LockBit has released an official apology for an extortion attack against Canada’s biggest children’s hospital SickKids. They have even gone ahead to release a free decryption key for the victim to recover their encrypted files.
In a statement on their site, the gang said that the attack goes against their code and it had been carried out by a now blacklisted partner.
"The partner who attacked this hospital violated our rules, is blocked, and is no longer in our affiliate program," the statement read.
SickKids confirmed that indeed it was attacked on December 18 resulting in the disruption of services on a few internal clinical and corporate systems as well as hospital phone lines and webpages. However, the hospital said that no personal information or personal health information was compromised.
As of January 1, SickKids reported that they were more than halfway through restoring their priority systems and everything was progressing well.
The hospital has also confirmed that they have received the free decryption offer from LockBit and are consulting with a third-party partner before proceeding.
So, are we to believe that the LockBit gang is ushering in a new era of compassion and kindness? Emsisoft threat analyst, Brett Callow does not think so. He believes the gang’s actions are more of self-preservation than compassion. "LockBit were not so charitable when demanding $10k from a hospital in a low-income country nor when dealing with a French hospital," the analyst tweeted.
As we write this, the gang has an active notice demanding to release over 15TB of stolen data from the Housing Authority of the City of Los Angeles (HACLA) if the agency does not pay up.
HACLA is yet to confirm that they have suffered a ransomware attack but it did announce on new years eve that a cyber incident had disrupted its operations.
"We are working diligently with third-party specialists to investigate the source of this disruption, confirm its impact on our systems, and to restore full functionality securely to our environment as soon as possible," a HACLA spokesperson said but did not reveal any further information on the attack.
LockBit ransomware gang has been around since 2019. During this time, their ransomware has been deployed against more than 1,000 organizations and tens of millions of dollars made in ransom payments.