JAKARTA - On December 18, the most popular ransomware gang, LockBit, launched an attack on the children's hospital, SickKids in Toronto.
As a result of this attack, On December 18, SickKids was unable to access many of its critical systems, causing an increase in patient waiting time.
LockBit runs what's known as a "ransomware-as-a-service" operation, in which an organization has affiliates do the dirty work of finding targets to compromise and collect payment, while the main operation maintains the malware partners use to lock down systems.
SickKids is aware of a statement from a ransomware group offering a decryptor to restore systems impacted by the cybersecurity incident on December 18. Read more: https://t.co/clU1IqK7Qh pic.twitter.com/H9S4ERgih7
— SickKids_TheHospital (@SickKidsNews) January 1, 2023
As part of that arrangement, the gang will take a 20 percent cut of all ransom payments. In addition, the group claims to prohibit its affiliates from targeting "medical institutions" that may lead to death.
As of Dec. 29, Sick Kids said it had regained access to nearly 50 percent of its priority systems, including those that had caused diagnostic and treatment delays.
SEE ALSO:
Two days later, a cybersecurity researcher uncovered LockBit's apology to SickKids for the attack launched.
"We officially apologize for the attack on sikkids.ca and returned the decryptor for free, the partner who attacked this hospital violated our rules, was blocked and is no longer in our affiliate program," he said, according to a screenshot shared on Twitter.
Breaking
LockBit offers decryptor for free.
LockBit affiliate breach violated their rules for The Hospital for Sick Children and offers the decryptor for free.
/sickkids.ca@CBC @globeandmail #cybersecurity #infosec #LockBit @BleepinComputer @TheRecord_Media pic.twitter.com/5k54IkPUIX
— Dominic Alvieri (@AlvieriD) December 31, 2022
As of January 1, SickKids confirmed it had restored more than 60 percent of priority systems, and restoration efforts were ongoing and well under way.
Until now, SickKids has not been able to provide evidence whether personal information or personal health information has been affected or not. What is certain is that SickKids has not made a ransom payment as a result of the attack.
"This is an active and ongoing incident and we are unable to provide additional information about the nature of the attack at this time," the Hospital said in a statement.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)