- ICO Warns of Festive Mobile Phone Privacy Snafu
- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
LockBit Hands Ransomware Decryptor to Kids’ Hospital
A prolific ransomware group has apologized to a children’s hospital and provided it with a free decryption key after the facility was compromised in mid-December.
The incident occurred at Toronto’s Hospital for Sick Children (SickKids) on the evening of December 18 2022, local time.
Although it said in a statement that it had “mobilized quickly to mitigate potential impacts to the continuity of care,” Canada’s largest pediatric hospital also admitted that it would be a “matter of weeks” before systems returned to normal.
“Clinical teams are currently experiencing delays with retrieving lab and imaging results, which may cause longer wait times for patients and families,” it reportedly warned at the time.
However, the LockBit affiliate responsible had actually contravened the group’s policy on targets, it said subsequently in a brief statement on New Year’s Eve.
“We formally apologize for the attack on sickkids.ca and give back the decryptor for free,” noted the statement, reposted by Emsisoft threat analyst, Brett Callow. “The partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program.”
According to the group’s rules on targeting organizations, affiliates are only allowed to “very carefully and selectively attack medical-related institutions such as pharmaceuticals companies, dental clinics, plastic surgeries …” and other specific institutions.
“It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed,” the notice continues.
As Callow argued at the time, this isn’t the first case of a decryption key being handed to a hospital by the group that attacked it. The same happened when Conti helped out the Irish Health Service Executive (HSE) and DoppelPaymer gifted Helios University Hospital a decryptor.
However, it remains to be seen why the developers behind LockBit waited nearly two weeks before taking action to help the hospital.