>
Rarely do we see cybercriminals engage in brand crisis management, but it is now 2023 and anything is possible.
A partner of the infamous LockBit ransomware-as-a-service program recently attacked SickKids.ca – the hospital for sick children. SickKids is a large teaching children’s hospital located on University Avenue in Toronto, Canada, and affiliated with the University of Toronto Faculty of Medicine.
During the attack, the threat managed to partially disable corporate systems, hospital phone lines, and the website. As a result, the hospital has had problems receiving lab and imaging results, causing patients to wait longer for their test results.
Formal apologies
Two days later, cybersecurity researcher Dominic Alvieri announced on Twitter that the group appeared to have formally apologized for the incident, saying the threat actor had violated his rules of engagement.
“We formally apologize for the attack on sikkids.ca and are returning the decryptor for free. The partner who attacked this hospital has broken our rules, has been blocked and is no longer in our affiliate program,” the ransomware group said.
The decryptor appears to be a Linux/VMware ESXi decryptor, Beeping computer explained, suggesting that the attack only targeted virtual machines.
While cybercriminals are unscrupulous in their pursuit of financial gain, some shun certain industries, including healthcare and critical infrastructure. While it may sound like they’re doing it out of the goodness of their hearts, it’s more likely they want to avoid the wrath of the police.
After all, the incidents involving Colonial Pipeline, JBS, and others have drawn the attention of top legislators and law enforcement agencies to the dangers of ransomware and led to the dismantling of some of the world’s largest operations.
LockBit prohibits its partners from encrypting endpoints whose operations are critical to patients’ lives, but allows data theft from healthcare organizations.
Through: Beeping computer (opens in new tab)