Ransomware Gang, LockBit Apologizes for Hacking Hospital System

JAKARTA - On December 18, the most popular ransomware gang, LockBit, launched an attack on the children's hospital, SickKids in Toronto.

As a result of this attack, On December 18, SickKids was unable to access many of its critical systems, causing an increase in patient waiting time.

LockBit runs what's known as a "ransomware-as-a-service" operation, in which an organization has affiliates do the dirty work of finding targets to compromise and collect payment, while the main operation maintains the malware partners use to lock down systems.

As part of that arrangement, the gang will take a 20 percent cut of all ransom payments. In addition, the group claims to prohibit its affiliates from targeting "medical institutions" that may lead to death.

As of Dec. 29, Sick Kids said it had regained access to nearly 50 percent of its priority systems, including those that had caused diagnostic and treatment delays.

Two days later, a cybersecurity researcher uncovered LockBit's apology to SickKids for the attack launched.

"We officially apologize for the attack on sikkids.ca and returned the decryptor for free, the partner who attacked this hospital violated our rules, was blocked and is no longer in our affiliate program," he said, according to a screenshot shared on Twitter.

As of January 1, SickKids confirmed it had restored more than 60 percent of priority systems, and restoration efforts were ongoing and well under way.

Until now, SickKids has not been able to provide evidence whether personal information or personal health information has been affected or not. What is certain is that SickKids has not made a ransom payment as a result of the attack.

"This is an active and ongoing incident and we are unable to provide additional information about the nature of the attack at this time," the Hospital said in a statement.