It looks like even Ransomware gangs have limits
As the world continues to grapple with the threat of ransomware attacks, it appears that even the perpetrators of these malicious acts have their limits. The LockBit ransomware gang, which offers Ransomware as a Service (RaaS) has released a free decryptor for a children’s hospital in Canada after one of its members violated the gang's rules by attacking the healthcare organization and causing situations that could cost people their lives.
On December 18th, SickKids, a children’s teaching and research hospital in Toronto suffered a ransomware attack that impacted multiple systems across the hospital such as phone lines, the website, and administrative systems. While the attack only encrypted several systems, it caused impacted lab and imaging testing and results and caused longer waiting periods for patients. Eleven days later on December 29th, the hospital announced that it had restored the systems causing diagnostic or treatment delays as it brought roughly half of its primary systems back online.
The LockBit gang apologized for the attack and released a decryptor for free, stating that one of its affiliates had encrypted the hospital's devices and had subsequently been removed from the operation. This is a rare move for LockBit, as the gang has a history of encrypting hospitals and not providing decryptors. Hospitals are among the top targets for ransomware gangs as they represent high-pressure organizations, often run on outdated systems, that should have access to funds that can be used to pay ransoms.
For those unfamiliar with RaaS, it works like this: the LockBit operators maintain the encryptors and websites, while affiliates attack the victims by breaching their networks, stealing their data, and encrypting their devices. The LockBit operators keep approximately 20% of all ransom payments and with the rest going to the affiliate.
It's worth noting that this isn't the first time a ransomware gang has provided a free decryptor to a healthcare organization. The Conti Ransomware provided a free decryptor to Ireland's national health service (HSE) in May 2021, although at the time it was under intense pressure to do so from international law enforcement agencies.
It's heartening to see that even ransomware gangs, which are often motivated solely by profit, have some sense of morality and are willing to make exceptions when the consequences of their actions could be dire. However, it's important to remember that these exceptions are likely few and far between and that it's crucial for individuals and organizations to protect themselves from ransomware attacks by regularly updating their systems and software, backing up important data, and being cautious when opening emails and links from unknown sources.
If you are a participant in attacking ANY hospital for ransom, you are a sociopath. For them, it is about the satisfaction of being able to do it. There is no adrenaline high for them and they have no feelings for the victim(s). There is no cure for this – the affected do not suddenly get the warm fuzzies.
In this case, they tried to collect payment but Sick Kids did not pay up. It would not have bothered them if several little kids had suffered or even died while they waited for their cold cash. They have no empathy for the families of these patients either.
This mea culpa is a knife being rotated in a deep wound. Not to enjoy it, but to observe the response – they can not give up the control.
As was mentioned in some other posts (above) the ransomware groups function like cockroaches. They won’t want too much light shining in their direction, e.g. crime investigation for cause of death.
“[…] the gang has a history of encrypting hospitals and not providing decryptors.”
For example, they were responsible for: The Centre Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28 km from the centre of Paris, cyber attack, August 2022. No decryptor was provided.
So many innocent lambs. LockBit defines vile.
This is a good thing while ransomware remains a pain. Why don’t they (ransomware gangs) attack oil companies or gun manufacturers if they are really after the big money?
I was annoyed by this line:
“It’s heartening to see that even ransomware gangs, which are often motivated solely by profit, have some sense of morality and are willing to make exceptions when the consequences of their actions could be dire.”
IF the word ‘some’ had been included I wouldn’t have any reason to post but that one line could make it sound like ‘all’ ransomware gangs have limits and not all do.
It’s called Public Relations. No mercy for those w**kers.
+1
Such a tender, heart-warming story. Thank you! Oh THANK YOU ransomeware gang for being so benevolent and understanding. Businesses, homeowners, local governments and non-profits of the world are overwhelmed by your kindness as anyone affected due to a result of your criminal activity sits and stares blankly at their encrypted data while contemplating their loss of livelihood or important documents and photos.
@herman +1
Being sarcastic leads to nothing.
If we react the same to the worst than to the worst minus one exception then, IMO, we’re missing something.
But I know : besides legitimate revolt in the face of what is indeed unforgivable we are also at a time when any opportunity to choose hatred is welcomed, especially when characterized as legitimate (“hey! I can spit my hatred, I’m spitting on hell!) and even if we don’t give a damn ourselves about the dramas.
These people have no ethics or morals. They should just get life in prison.
Those gangs should be prosecuted with life emprisonment with no mercy at all.
I hardly perceive any mercy in life imprisonment unless to consider the barbarian death sentence.
I think that any improvement is to be acknowledged and encouraged. Slightest as it can be, deepest the hell it emerges from is.
@Tom Hawack you should notice that I said “life imprisonment”, not “life imprisonment with hard forced penal work”, that obviously it a tight step beyond and only should be applied to the team that designed the W11 taskbar, among others.
@John G. OK. “life imprisonment with hard forced penal work” is something we don’t know in Europe, at least not in France as far as I’m aware of. But indeed it appears to be the step between “life imprisonment” and the death penalty.
@Tom Hawack, omg, I am proud of hearing that in France there is no forced penal work and of course no death penalty, nevertheless we can’t lose our head about these important facts, considering for example that the last execution in France was in september 1977 and in Spain it was in september 1975, so pretty close didn’t it? Here in Spain the prisons are more similar to hotels. Delinquents are despered to enter in (not a joke). Of course I am sorry if someone feels offended, it’s just a way of speaking about the gangs that are destroying people’s life.
@John G., in France death sentence was abolished by the Parliament when it was notorious that if it had been submitted to a referendum it wouldn’t have been abolished.
Being myself deeply committed to the abolition of a barbarian practice I often refer to this incursion of the parliament against a notorious people’s majority to emphasize that if democracy is the right way — at least not the worst — when practiced excessively (referendum rather than via parliament) it may not lead to a nation’s progression. French author Victor Hugo noted that “La populace est souvent l’ennemi du peuple” (“The rabble is often the enemy of the people” translated by ‘DeepL Translator).
Some, especially those who’ve experienced imprisonment, moreover with “hard forced penal work” may argue,that death would me mercy. This is also the cry of those attempting suicide. Nevertheless a society cannot consider freedom beyond the extent of spirituality not to mention humanism. Of course me must help, and condemning death sentence is not incompatible with condemning one for his acts.
Jail life similar to hotels, in Spain and elsewhere? We’ve had similar reactions in France when a prison director decided to let a karting race take place within the prison recreation area. let me tell you : I think that privation of liberty is one of the worst destinies. I also believe that punishment is archaic when the aim is reinsertion. I know the difficulties of such an approach, but it is IMO the right one.
Lastly, perhaps can we dig into our very private and authentic feelings regarding imprisonment by asking ourselves “What is the worst, an innocent in jail or a guilty person in liberty”. Whether or not we’ve experienced imprisonment, even with sauna and open-bar, I believe our answer *may* differ.
I understand our legitimate revolt regarding RaaS, i share it. But I believe that respecting a revolt means far more than invoking it, far more than translating it to hatred, when it deserves to have a society take the correct measures to prevent its everlasting continuation. I’m afraid RaaS as well as most of the worst of the cyber world is particularly hard to prevent. Companies and individuals must be aware of what thay can ans must do by themselves to reduce the risk, but here more than elsewhere bullet-proof prevention is perhaps a dream.
Personally I felt not at all offended by tour comment. I simply disagreed and wrote it. That’s what blogs are for :=)
@Tom Hawack, thanks in advance for your fine comment. It is surprisingly good to read such high quality thoughts here at Ghacks. In order to finishing I only want to say that my father’s favourite film is Papillon, with Steve McQueen and Dustin Hoffman in 1973. And finally, I think that there is a worst destiny for a man that losing his liberty, and it is feeling the racism. My girlfriend is ebony and she still is worried for the way that some people look at us. There is still too much ways to lose the liberty in Europe today. Bad times for pop music, I suposse. @Tom please do have a fine 2023!
@John G., “Papillon”, based on a true story, indeed. Fortunately the “bagne”, banished since then, was what we’d call “imprisonment with hard forced penal work”. Very hard. Many prisoners died there. Alfred Dreyfus, innocent, could have finished his life there as well [https://en.wikipedia.org/wiki/Dreyfus_affair]. Fortunately he had been rehabilitated. Antisemitism, already. You mention racism. Indeed, two dramatic signatures. Antisemitism and racism have nothing to do with morality but only with intelligence, let’s not put virtue where it doesn’t belong, one can be a lousy swindler and neither antisemitic nor racist, another can be a high-figure of society, admired and respected by all and simultaneously antisemitic and racist. It’s a matter of pure idiocy.
Yet, I’m not sure I’d agree that suffering of racism or antisemitism is worse than being imprisoned. Let’s face it, I’ve had to endure neither. Imprisonment is, as i imagine it, not tied to the mental disease of a few (fortunately decreasing over time even if nuts are eternal) but to the very nature of loosing liberty beyond a society’s divisions : antisemitism and racism will have vanished when imprisonment, justified or not, will still be active.
Do we know that an attempt to escape from jail (“Papillon”!) does not lead in a country such as Switzerland to an overcharge of the sentence because considered as the very natural and not reprehensible behavior of an imprisoned human being? I consider such a political philosophy as relevant of a highly progressive country.
My very best wishes for a great 2023, to you and to your girlfriend, to those you care for. Black is beautiful, ebony is, all colors by the way, but why the heck do we have to mention this and not blonds nor red-haired? Maybe because life never tortured the latter.
@Tom, great comment by you again, it’s full of wisdom in some ways. Thanks for all! +1000
Such news make my day, brings a deep feeling of love (I dare the word). If only all gangs could consider and apply such limits.
I have in mind and in heart kids and others who will live when they potentially could have died hadn’t the LockBit ransomware gang released a free decryptor for this children’s hospital.
What a fantastic news, @Patrick. Thanks for sharing.