Following the hospital’s breach in the middle of December, the LockBit ransomware group has expressed regret and given it a free decryption key.
The Hospital for Sick Children (SickKids) in Toronto was the target of a ransomware attack on December 18 that stopped the institution from accessing several of its vital systems.
“We formally apologize for the attack on sikkids[.]ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked, and is no longer in our affiliate program.” reads the message published by Lockbit on its Tor leak site.
Apology to SickKids on the LockBit data leak site
Reports stated that it is well known that the organisation forbids its affiliates from striking healthcare institutions. Its policy prohibits encrypting systems at organizations where a breach could result in deaths.
“It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals, and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed,” state the policies of the ransomware operations.
The Group Blamed the Incident on a Partner
The gang explained why it had blocked the affiliate because one of its members had attacked SickKids in violation of the group’s guidelines.
Patient wait times increased as a result of the incident. SickKids reported that as of December 29th, it had reclaimed access to approximately 50% of its critical systems, including those that had delayed diagnostic and treatment procedures.
The decryptor that the gang claims to have provided are a Linux/VMware ESXi decryptor, as reported by BleepingComputer.
Multiple hospital network systems were affected by the hack, although the healthcare group claims that patient care was unaffected.
“The Hospital for Sick Children (SickKids) is currently responding to a cybersecurity incident affecting several network systems and has called a Code Grey – system failure. The code went into effect at 9:30 p.m. on Sunday, December 18, and is ongoing.” reads the incident notice published by the Hospital.
“The safety and well-being of our patients and their families is our top priority. All patient care is continuing and there is currently no evidence that personal information or personal health information has been impacted.”
As seen by its attack on the Center Hospitalier Sud Francilien (CHSF) in France, where a $10 million ransom was demanded and patient data ultimately disclosed, LockBit has a history of encrypting hospitals and failing to provide encryptors.
Due to the attack on the French hospital, patients were transferred to other hospitals, and surgeries were delayed, putting them at serious risk. Hence, this is not the first time a ransomware group has given a healthcare organization a free decryptor.
Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book