Ransomware gang apologizes for attack on children's hospital

(Image credit: Kaspersky)

Rarely do we see cybercriminals engage in brand crisis management but it’s 2023 now and anything’s possible.

An affiliate of the infamous LockBit ransomware-as-a-service program recently attacked SickKids.ca - the Hospital for Sick Children. SickKids is a major pediatric teaching hospital located on University Avenue in Toronto, Canada, and Affiliated with the Faculty of Medicine of the University of Toronto.

During the attack, the threat actor managed to partially disable corporate systems, hospital phone lines, and the website. As a result, the hospital has had trouble receiving lab and imaging results, with the patients having to wait longer for their test results.

Formal apology

Two days later, cybersecurity researcher Dominic Alvieri announced on Twitter that the group appeared to have formally apologized for the incident and said the threat actor violated its rules of engagement.

"We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program," the ransomware group said.

The decryptor seems to be a Linux/VMware ESXi decryptor, BleepingComputer explained, suggesting that the attack was targeted at virtual machines only.

> LockBit ransomware leaked online by angry developer

> LockBit ransomware is spreading from compromised Microsoft Exchange servers

> These are the best malware removal software around

While cybercriminals might be unscrupulous in their quest for financial gain, some avoid certain industries, healthcare and critical infrastructure included. Even though it might sound like they’re doing it from the goodness of their heart, it’s more likely that they’re looking to avoid the wrath of law enforcement.

After all, the incidents with Colonial Pipeline, JBS, and others, has drawn the attention of the highest legislators and law enforcement agencies to the dangers of ransomware, and resulted in the dismantling of some of the world’s biggest operations.

LockBit forbids its affiliates from encrypting endpoints whose operations are essential to patients’ lives, but allows stealing any data from healthcare organizations.

These are the best firewalls right now

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.