LockBit Apologizes for SickKids Ransomware Attack, Offers Free Decryptor

Ransomware group LockBit has apologized for the SickKids Hospital cyberattack in mid-December last year and offered a solution. The group stated in its apology that a “partner” was responsible for the attack. As per the U.S. Federal Bureau of Investigation, this group is the most destructive and active, and this is the first time it has apologized for an attack.

On December 18, SickKids Hospital in Toronto, the biggest pediatric care hospital in Canada, was hit with a ransomware attack that took some of its systems offline, resulting in delayed lab results, delayed salary processing, and other hindrances to patient care. Now, in a surprising turn of events, it has been reported that a notorious and infamous ransomware group called LockBit has apologized for the cyberattack on the hospital.

According to the report citing cybersecurity experts, the brief apology was issued on the dark web and blamed a “partner” group for the attack. It said that the partner has been blocked and also provided SickKids Hospital a free decryptor to unlock its data. Brett Callow, a British Columbia-based threat analyst with anti-malware company Emsisoft said, “As far as I’m aware, this is the first time they’ve issued an apology and offered to hand over a free decryptor.”

Callow added that while Canada may suspect these cyberattacks originate from other countries, sometimes they come from within its own borders.

SickKids shared that it is trying to “validate and assess the use of the decryptor” with the help of experts. The hospital is still recovering from the cyberattack and as of January 1, over 60 percent of its “priority systems” were back online. The decryptor will allegedly help the hospital unlock the data that was held for ransom by the group.

Recently, the hospital took down two of its websites over “potential unusual activity” but it did not disclose if there was another cyberattack or not. SickKids stated that the reason for taking down the websites was unrelated to the mid-December cyberattack.

Chester Wisniewski, a Vancouver-based principal research scientist with cybersecurity firm Sophos believes LockBit is trying to manage its image among the competition. There are high-profile malware operators who want hackers to use their systems to carry out their cyberattacks.

Vineet Washington