Do ransomware gangs actually have a heart? Perhaps...
Just days before Christmas, on the night of Sunday 18 December 2022, Canada's Hospital for Sick Children (better known as SickKids) was hit by a ransomware attack.
The Toronto-based teaching and research hospital reported that the attack had impacted its internal systems, phone lines, and website.
The hospital predicted that it would take weeks before all of its systems were back up-and-running as normal, and warned that - although scheduled appointments and procedures were continuing - its clinical teams were experiencing delays, and that patients and families should expect longer wait times.
Emergency recovery plans were put into action, and by the end of the year the hospital reported that although patients and families could expect to face delays, almost 50% of its priority systems had been restored and were back online.
The attack drew the attention of the world's media, fueled by the combination of sick children, cold-hearted cybercriminals, and Christmas.
And perhaps that's one reason why the notorious LockBit ransomware group, a ransomware-as-a-service (RaaS) operation that was used by the hospital's attackers, has taken the unusual step of not only apologising to SickKids, but also offering the beleaguered hospital a free decryption tool.
LockBit, which has had no qualms about hitting other hospitals in the past with ransomware, made a rare expression of regret in a message posted on its underground website.
The LockBit group said that the affiliate who had undertaken the attack had violated its rules, and was blocked from future activity.
A case of cybercriminals with a conscience? Or perhaps an indication that the people behind LockBit realised that the downsides of hitting a hospital for sick children might outweigh any amount of money it might hope to extort.
After all, you can imagine that law enforcement agencies would have even more reason to uncover who was behind LockBit, and there would always be the danger that other cybercriminals might take a very dim view of the ransomware attack and be prepared to dox those who it believed had assisted it.
I wouldn't wish on any parent the experience of having a seriously sick kid, but I find it hard to believe that most cybercriminals give a damn about who they target if there is potentially money to be made.
In its latest statement, SickKids confirms that it has not made any ransom payment, has restored over 60% of its priority systems, and is assessing whether they need to use the decryptor offered by the LockBit gang at all.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.