The LockBit ransomware-as-a-service operation said it is against its rules to attack medical institutions, but the ransomware gang's affiliates do not always adhere to this policy. Credit: iStock LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor. SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital.The incident impacted some internal clinical and corporate systems, as well as hospital phone lines and web pages. On December 29, SickKids said that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. On December 31, however, LockBit issued a statement apologizing for the attack and offering a free decryptor for the ransomware used in the operation. “We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” according to the statement, which was first noted by security researcher Dominic Alvieri. The file appears to be a Linux/VMware ESXi decryptor, according to Bleeping Computer. The LockBit creators rent out their ransomware to third parties called affiliates, and control the program’s encryptors and data-leak websites. The ransomware is used by affiliates to breach networks, and steal or encrypt data, for a cut of up to 75% of the money paid by victims as ransom. LockBit says it will not attack hospitals The group, though, has a policy against targeting organizations operating in the healthcare, education, charity and social services sectors, according to a 2021 public interview with an alleged LockBit gang member.Meanwhile, SickKids has confirmed that it is aware of the statement issued by the ransomware group and the offer of a decryptor. “We have engaged our third-party experts to validate and assess the use of the decryptor,” the hospital said on January 1.By then, SickKids said, it had already restored over 60% of priority systems, and restoration efforts were ongoing and progressing well. There was no evidence that personal information or personal health information has been impacted, and SickKids had not made a ransomware payment, the hospital said. LockBit affiliates have not always adhered to its policy against targeting hospitals. For example, in August last year, LockBit was used against the Center Hospitalier Sud Francilien (CHSF) and a $10 million ransom was demanded. The patient data was subsequently leaked after the hospital refused to pay. Otherwise, LockBit has emerged as the top ransomware gang, with version 3.0 of its ransomware becoming the leading ransomware strain in the third quarter of 2022.Its activities continue. On December 25, The Port of Lisbon was targeted by LockBit, though the port said no operational activity was compromised. LockBit has already published a ransom note demanding $1.5 million on its official site within the Tor darknet. The ransom note needs to be paid by January 18, the gang said. Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security news US AI experts targeted in cyberespionage campaign using SugarGh0st RAT Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. By Lucian Constantin May 16, 2024 4 mins Phishing Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe