Notorious criminal hacking collective Lockbit has issued an apology after one of its members attacked a children’s hospital. A decryption key has been provided to the institution.
Not everything is allowed among criminals. On December 31, hacker collective Lockbit issued its first formal apology after an attack on the Hospital for Sick Children in Toronto (SickKids). “The partner who attacked this establishment broke our rules, is blocked, and is no longer part of our affiliate program,” reads the collective’s darknet site.
The group does not stop at a simple “sorry” and offers the hospital a tool to decipher all their data. On December 29, the hospital said in a press release that “it has restored almost 50% of the priority systems. Patients and families should nonetheless be prepared for possible delays, work continues to bring all systems back online.” After a ransomware attack, the files are blocked and the victim will get a key only if he pays the demanded ransom.
Note that the cyberattack took place on December 18; we do not know how long it took the collective to react and provide a solution to the hospital center. In addition, Locbkit leaves the responsibility for the attack on an affiliate. It should be understood that the group works like a software rental company: the ransomware is rented and the users – pre-sorted by the managers – pay a commission on the income linked to the ransoms. Lockbit administrators earn around 20% on every amount paid to hackers.
“Generally, the ransomware group is singled out by all the media as the big culprit, while most often it is the affiliates who carry out the attacks,” said Martin Zugec, director of technical solutions at Bit Defender.
In its charter, Lockbit states: “It is prohibited to encrypt institutions where damage to files could result in death, such as heart centers, neurosurgery departments, maternity hospitals and the like, i.e. institutions where surgical procedures on high-tech equipment using computers can be performed”.
However, it was their ransomware that struck and paralyzed the Corbeil-Essonnes hospital last August. The collective did not provide any justification for this attack.
It’s not the first time either that a hacker group has publicly apologized. In May 2021, Conti Ransomware provided a decryptor to the Irish National Health Service, after pressure from international law enforcement. Lockbit may have reacted after the attack on the children’s hospital to prevent governments from stepping up their investigation against them. Their reputation is also at stake, if the group attacks hospitals, the “ordinary” victims will potentially be less inclined to pay a ransom to collective responsibility for the death of children.