Ransomware Group Apologizes After Attacking Children’s Hospital

As we enter 2023, it’s no secret hackers are a disruptive bunch. They attack any and all organizations, from governments to tech giants to essential services like hospitals. However, as it turns out, there is a line hackers don’t want to cross. And, when they do, they apologize.

As reported by BleepingComputer, the ransomware group “LockBit” has apologized for one of its members, who “violated rules” by attacking the Hospital for Sick Children (SickKids). The Toronto-based organization is a teaching and research hospital, which, as its name implies, focuses on treating sick children. The attack occurred on Dec. 18, and affected SickKids’ phone lines, website, and internal and corporate networks. It took eight days for SickKids to restore 50% of its priority systems.

In its report, SickKids said the attacks only encrypted a few of its systems, yet impacted lab and imaging results, causing delays for data and increased wait times for patients.

While SickKids didn’t know who perpetrated the Dec. 18 attack, they didn’t need to stay in the dark long. LockBit admitted guilt two days after the attack, blaming a solitary member for the mistake. As an apology, the group gave SickDays a decryptor for free, which allowed the hospital to begin restoring systems. In ransomware situations, hackers only give victims decryptors once they pay the ransom, so the gesture shows the group is remorseful.

Still, it also shows the callousness of hackers, and how far some will go to squeeze a reward from their victims. To be clear, LockBit didn’t apologize because they had attacked a children’s hospital, rather their member had broken a rule about encrypting data that could result in death, such as cardiology centers or maternity hospitals. So long as death isn’t in the picture, children’s hospitals are fair-game for LockBit.