And happy new year 2023! The LockBit mafia franchise has just offered itself a publicity stunt by broadcasting for free, on the evening of December 31, the decryptor to restore the encrypted files of a Canadian hospital. A way for the gang of cybercriminals to show that they would not be malicious hackers solely driven by the lure of profit, whatever the consequences.
As reported by The Bleeping Computer, the gang of cybercriminals apologized on their blog for the ransomware attack that targeted Toronto’s SickKids hospital in December. “The partner who attacked this hospital did not follow our rules, it is now blocked and is no longer one of our affiliates”, specify the cybercriminals.
Computer attack in December
This pediatric center had deplored a major computer cybersecurity incident on Sunday, December 18. The next day, the hospital reported that the attack appeared to have affected only “a few internal systems”, “as well as certain telephone lines and web pages”, before specifying, on December 29, to have completed the restoration of almost the half of the priority systems.
If it is welcome – the SickKids hospital is in the process of evaluating the decryptor provided by LockBit – the announcement, unprecedented for this gang according to security researchers, is also surprising. Because the mafia gang obviously has a variable geometry morality concerning hospitals. The franchise claims to set limits on the use of its ransomware, available for rental to affiliates, subject to the payment of part of the earnings.
The deployment of ransomware would thus be prohibited for health services such as cardiology, surgery or even maternity wards. But last August, the gang had found nothing to complain about with the computer hacking of the Center Hospitalier Sud Francilien de Corbeil-Essonnes by an affiliate.
Corbeil-Essonnes public hospital considered a business
In the absence of payment of a ransom, LockBit then released data stolen from the Ile-de-France hospital at the end of September, for example administrative data such as the social security number or examination reports. As Le Mag It recalls, the negotiators for the hospital had specified in a chat that the establishment in question was a public hospital. “I think you know (…) that it is impossible for us to pay the amount requested”, wrote the hospital. “And I don’t understand your behavior, where have your values gone?” »
On the contrary, on the blog of the cybercriminals, the French hospital had then been assimilated to a company, the gang believing to have offered a “very reasonable” extortion rate, proof of their respect for health care.
Beyond LockBit, we also remember that cybercriminals had already claimed that they would spare health structures at the start of the Covid-19 pandemic. An assertion contradicted by the facts, evidenced by the large number of hospital structures affected in recent years in France.