The notorious LockBit ransomware group has released a free decryptor for the SickKids hospital as compensation for the violation made by one of its members. According to the ransomware group, some members have violated their rules regarding attacking healthcare organisations, especially hospitals.
SickKids is a hospital for sick children and a tech and research hospital in Toronto that prioritises giving healthcare to minors.
Last month, the hospital experienced a ransomware attack that affected their hospital phone lines, website, and internal and corporate systems. The attack only encrypted a few systems, but the hospital stated that the campaign caused delays and interruptions in receiving lab results, leading to longer patient wait times.
Researchers stated that LockBit apologised to SickKids hospital regarding the attack.
According to the group, they sincerely apologise for the cybercriminal act done by their members at SickKids hospital. Hence, they are giving back a free decryptor to unlock the company’s encrypted data during the attack.
The LockBit operation is a Ransomware-as-a-Service. The operators maintain the encryptors and sites, and the operation’s partners, or members, infiltrate victims’ networks, harvest data, and encrypt devices.
However, the LockBit operators will keep 20% of all ransom payments, and the rest will go to their violating affiliate as part of the arrangement.
The LockBit group explained that they allow their affiliates to execute a ransomware operation against pharma companies, plastic surgeons, and dentists. Still, they prohibit their members from encrypting medical institutions where a campaign could result in death.
Also, stealing information from any medical institution is not allowed in LockBit’s policies.
The ransomware group has removed the members who attacked the hospital’s devices, and the actors offered a decryptor for free.
Unfortunately, cybersecurity experts are still not convinced by LockBit’s actions since it does not explain why they have not given a free decryptor sooner. LockBit has also operated a cyberattack against other hospitals and did not provide a free decryptor.
Therefore, their attack against a French hospital that resulted in the patients’ data leak is not justified by their recent actions towards SickKids.
