Rarely do we see cybercriminals engage in brand crisis management but it’s 2023 now and anything’s possible.
An affiliate of the infamous LockBit ransomware-as-a-service program recently attacked SickKids.ca – the Hospital for Sick Children. SickKids is a major pediatric teaching hospital located on University Avenue in Toronto, Canada, and Affiliated with the Faculty of Medicine of the University of Toronto.
During the attack, the threat actor managed to partially disable corporate systems, hospital phone lines, and the website. As a result, the hospital has had trouble receiving lab and imaging results, with the patients having to wait longer for their test results.
Two days later, cybersecurity researcher Dominic Alvieri announced on Twitter that the group appeared to have formally apologized for the incident and said the threat actor violated its rules of engagement.
“We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” the ransomware group said.
The decryptor seems to be a Linux/VMware ESXi decryptor, BleepingComputer explained, suggesting that the attack was targeted at virtual machines only.
While cybercriminals might be unscrupulous in their quest for financial gain, some avoid certain industries, healthcare and critical infrastructure included. Even though it might sound like they’re doing it from the goodness of their heart, it’s more likely that they’re looking to avoid the wrath of law enforcement.
After all, the incidents with Colonial Pipeline, JBS, and others, has drawn the attention of the highest legislators and law enforcement agencies to the dangers of ransomware, and resulted in the dismantling of some of the world’s biggest operations.
LockBit forbids its affiliates from encrypting endpoints whose operations are essential to patients’ lives, but allows stealing any data from healthcare organizations.
These are the best firewalls right now