- The ransomware gang Lockbit offers a free decryptor after one of its members breaks the rule of attacking a hospital, which is forbidden.
- One of the policies of LockBit states that it is not allowed to encrypt files in places where someone could get hurt if the files get damaged.
- LockBit apologizes about the incident and adds that the partner who attacked the hospital broke their rules and is now blocked from future access.
The LockBit ransomware gang apologizes to SickKids after a forbidden attack and provides a decryptor as a way to make up for their mistake. In one of LockBit’s policies, it states that “It is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed.”
Free decryptor as an apology
LockBit operates as a ransomware-as-a-service (RaaS) program; malicious software that encrypts files and asks for a ransom in exchange for the decryption key is called ransomware. This software is often given to different affiliates who then use it to attack other victims.
After the ransomware gang realized one of its affiliates broke the rule of not encrypting institutions where damage to files could lead to death, they have stopped supporting said affiliate and blocked all future access.
The hospital is warning people that it can only handle emergencies at the moment and also working hard to transfer some patients to other hospitals.
Although the ransomware gang provided a free decryptor and announced that it has now ended the access of their former partner, it has not gone unnoticed that they took a long time to do this. LockBit has also been seen attacking another hospital and then eventually leaking the files. It is unknown why they provided a free decryptor and an apology this time.