LockBit Ransomware Gang Apologizes After Hospital Attack, Reaffirms Dentists Are OK To Attack


The LockBit ransomware gang recently targeted the Hospital for Sick Children (SickKids), a teaching and research hospital in Toronto that focuses on providing healthcare to sick children (reference). The attack encrypted only a few systems, but impacted internal and corporate systems, hospital phone lines, and their website. It also resulted in delays in receiving imaging and lab results and longer wait times for patients.

The attack occurred on December 18th, and by December 29th, SickKids restored 50% of its priority systems, most notably those that help with diagnosis and treatments. 

LockBit Ransomware Issues Apology

Yes, you read that right! As it turns out, one of LockBit’s members violated their own rules by attacking SickKids. 

The LockBit ransomware gang issued an official apology for attacking the hospital and released a decryptor for free. The file is confirmed to be a free Linux/VMware ESXi decryptor, which indicates the attack could only encrypt virtual machines in the hospital’s network.

The move by LockBit is not something you see every day–but it shows some semblance of humanity among the sometimes ruthless ransomware gang.

Why Did LockBit Apologize? 

The SickKids ransomware attack went against one of LockBit’s founding principles: “It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed.” 

While this principle is comforting for the sectors mentioned above, it is not a guarantee that attacks won’t happen anyway–as they did with SickKids. While the decryptor was provided without a ransom payment, the attack still caused short-term delay and harm to the hospital and its patients.

It’s also important to note that as a part of LockBit’s rules, the stealing of data from any medical institution is allowed. LockBit also allows affiliates to go after dentists. Not all in healthcare are exempt from being targets.

IT for Healthcare Organizations is Vital

If you are in the medical industry, you may read this blog and assume that you get a free pass on ransomware attacks – think again.

While some ransomware gangs have rules around whom they can attack, we learn two important lessons from the SickKids attack:

  1. Not all members of a ransomware gang will abide by rules in all instances. Even if they “undo” a mistaken attack, there will be harm to you and your patients for at least a while.
  2. Many “healthcare” organizations do not fall under the “exempt” category for ransomware attacks.

If you are a dentist, chiropractor, or similar medical provider, you could still be at major risk of being targeted in a LockBit or other ransomware gang attack. 

With a decade of experience working with healthcare providers, we understand both HIPAA and many other intricacies of IT when it comes to the medical industry. To talk with a member of the PK Tech team, get in touch with us here.