The famous hacker group Lockbit has delivered the decryption key for free to unlock the computer system of a pediatric institution attacked by ransomware. The group also apologized.
Cyberattacks on hospitals do not seem to trouble the conscience of hackers, but occasionally some are seized with remorse. In a rare move, after the attack on a pediatric hospital in Toronto, Canada, the group operating the Lockbit 2.0 ransomware and its many variants quickly handed over the decryption key with an apology.
The SickKids hospital specializes in research and care for sick children. On December 18, it was heavily impacted by ransomware that paralyzed its phone lines, website and part of the hospital's computer systems. Encryption was confined to a limited number of systems, but the outage of some others caused delays in the care and treatment of young patients.
It took more than ten days for the centre's IT department to restore 50% of its priority systems, particularly those that were causing delays in diagnosis and treatment. The group apologized on its blog, saying that one of its partners had violated its rules and was no longer part of its affiliate program.
Rules with variable geometry
This announcement shows the peculiarity of this informal yet highly organized group, whose activities seem far from governed by the law of the cybercriminal jungle that one might imagine. Lockbit is what is called Ransomware-as-a-Service. This means that it is possible to rent a tailor-made attack and reap the proceeds. As part of the user agreement for this service, Lockbit managers take 20% of the ransoms demanded. The rest of the loot goes to the attacker. This group is well known in France for its attacks on the town hall of Saint-Cloud and the Ministry of Justice.
This organization, which claims to have rules, nevertheless authorizes attacks against health-related organizations. The limits concern encryption that could lead to death, as already happened to a patient in a hospital in Germany in September 2020.
And yet, Lockbit does not always hold itself to its own rules to the same degree. The group and its operators stood out recently for the attack against the Centre Hospitalier Sud-Francilien (CHSF) located in Corbeil-Essonnes, France. In that case, the ransom was not paid and patient data was eventually leaked by Lockbit operators. This cyberattack deeply disrupted the hospital center, and the risk to patients was high enough for these so-called rules to apply.