In a New Year’s Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto’s Hospital for Sick Children and sent a free decryptor so files can be unscrambled. According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of
In a New Year’s Eve apology, the LockBit ransomware gang has expressed regret for attacking Toronto’s Hospital for Sick Children and sent a free decryptor so files can be unscrambled.
According to Brett Callow, a B.C.-based threat analyst for Emsisoft, the gang posted a message on its site claiming the attack was the work of an affiliate and violated their rules.
“We formally apologize for the attack on sickkids.ca and give back the decryptor for free,” the note says. “The partner who attacked this hospital violated our rules, is blocked, and is no longer in our affiliate program.”
Some ransomware groups run on a ransomware-as-a-service model with so-called partners who specialize in developing — and spreading — malware for the initial compromise of a victim, leaving the ransomware developers to focus on their encryption code. The gang and the affiliate come to an agreement on splitting any payments the victims agree to make. In some models the affiliate will insert the ransomware after a compromise, and in other models the ransomware operators have the final say.
“This is not an act of compassion; it’s one of self-preservation,” Callow said in an email. “LockBit has attacked hospitals in the past, and will likely do so again. Why did they offer a free decryptor in this case? Probably because they believe an attack like this makes it harder for them to collect payment from future victims. Companies would not want to be seen to be handing money to – and so financially supporting – the type of cybercriminals who would launch an attack on a hospital for sick kids.
Start
United States
USA — IT Breaking news: Ransomware gang gives decryptor to Toronto’s SickKids Hospital