Notorious criminal hacking collective Lockbit has issued an apology after one of its members attacked a children’s hospital. A decryption key has been provided to the institution.
Not everything is allowed among criminals. On December 31, hacker collective Lockbit issued its first formal apology after an attack on the Hospital for Sick Children in Toronto (SickKids). ” The partner who attacked this establishment broke our rules, is blocked and is no longer part of our affiliate program”, can we read on the darknet site of the collective.
The group does not stop at a simple “sorry” and offers the hospital a tool to decipher all their data. On December 29, the hospital reported in a press release ” having restored almost 50% of priority systems. Patients and families should still be prepared for possible delays, work continues to bring all systems back online “. After a ransomware attack, the files are blocked and the victim will get a key only if he pays the demanded ransom.
Note that the cyberattack took place on December 18; we do not know how long it took the collective to react and provide a solution to the hospital center. Furthermore, Locbkit places the responsibility for the attack on an affiliate. It should be understood that the group works like a software rental company: the ransomware is rented and the users – pre-sorted by the managers – pay a commission on the income linked to the ransoms. Lockbit administrators earn around 20% on every amount paid to hackers.
” Generally, the ransomware group is singled out by all the media as the big culprit, while most often it is the affiliates who are carrying out the attacks says Martin Zugec, director of technical solutions at Bit Defender.
Poor reputation
In its charter, Lockbit states: “ It is prohibited to encrypt institutions where damage to files could lead to death, such as heart centers, neurosurgery departments, maternity hospitals and the like, i.e. institutions where surgical procedures on equipment high technology using computers can be performed “.
However, it was their ransomware that struck and paralyzed the Corbeil-Essonnes hospital last August. The collective did not provide any justification for this attack.
It’s not the first time either that a hacker group has publicly apologized. In May 2021, Conti Ransomware provided a decryptor to the Irish National Health Service, after pressure from international law enforcement. Lockbit may have reacted after the attack on the children’s hospital to prevent governments from stepping up their investigation against them. Their reputation is also at stake, if the group attacks hospitals, the “ordinary” victims will potentially be less inclined to pay a ransom to a collective responsible for the death of children.
Not all gangs have the same honor code. Vice Society has no qualms about hitting health facilities and has already attacked a maternity hospital in France. In total, nearly a dozen hospitals were attacked in 2022.
