It looks like even Ransomware gangs have limits
As the world continues to grapple with the threat of ransomware attacks, it appears that even the perpetrators of these malicious acts have their limits. The LockBit ransomware gang, which offers Ransomware as a Service (RaaS) has released a free decryptor for a children’s hospital in Canada after one of its members violated the gang's rules by attacking the healthcare organization and causing situations that could cost people their lives.
On December 18th, SickKids, a children’s teaching and research hospital in Toronto suffered a ransomware attack that impacted multiple systems across the hospital such as phone lines, the website, and administrative systems. While the attack only encrypted several systems, it caused impacted lab and imaging testing and results and caused longer waiting periods for patients. Eleven days later on December 29th, the hospital announced that it had restored the systems causing diagnostic or treatment delays as it brought roughly half of its primary systems back online.
The LockBit gang apologized for the attack and released a decryptor for free, stating that one of its affiliates had encrypted the hospital's devices and had subsequently been removed from the operation. This is a rare move for LockBit, as the gang has a history of encrypting hospitals and not providing decryptors. Hospitals are among the top targets for ransomware gangs as they represent high-pressure organizations, often run on outdated systems, that should have access to funds that can be used to pay ransoms.
For those unfamiliar with RaaS, it works like this: the LockBit operators maintain the encryptors and websites, while affiliates attack the victims by breaching their networks, stealing their data, and encrypting their devices. The LockBit operators keep approximately 20% of all ransom payments and with the rest going to the affiliate.
It's worth noting that this isn't the first time a ransomware gang has provided a free decryptor to a healthcare organization. The Conti Ransomware provided a free decryptor to Ireland's national health service (HSE) in May 2021, although at the time it was under intense pressure to do so from international law enforcement agencies.
It's heartening to see that even ransomware gangs, which are often motivated solely by profit, have some sense of morality and are willing to make exceptions when the consequences of their actions could be dire. However, it's important to remember that these exceptions are likely few and far between and that it's crucial for individuals and organizations to protect themselves from ransomware attacks by regularly updating their systems and software, backing up important data, and being cautious when opening emails and links from unknown sources.Advertisement