cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber criminal gang apologises for ‘SickKids’ cyber attack, provides free decryptor

In an odd turn of events for one of the most notorious ransomware gangs in the world, LockBit has issued an apology for its attack on the largest children’s hospital in Canada.

user icon Daniel Croft
Wed, 04 Jan 2023
Cyber criminal gang apologises for ‘SickKids’ cyber attack, provides free decryptor
expand image

The Hospital for Sick Children (SickKids) fell victim to a cyber attack on 18 December that prevented it from accessing many of its systems and databases, causing delays with lab and imaging results and increasing patient wait times.

Following SickKids releasing a statement on the 29th of December announcing that it had restored 50 per cent of its systems, LockBit issued an apology.

LockBit offers its ransomware infrastructure as a service to partners and affiliates who use the provided encryptors and websites to breach networks, steal data and lock devices. LockBit then keeps 20 per cent of the profits.


However, LockBit also as rules of conduct, forbid those partners from encrypting data of medical institutions where the consequences could be death.

In the apology, the ransomware giant announced that the partner who conducted the attack is now no longer associated or connected to LockBit.

“We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” said LockBit.

SickKids has announced that it is aware of the apology and is currently working with security experts to “validate and assess the use of the decryptor”.

Questions are now being raised as to why LockBit took so long to apologise and provide a decryptor if targeting medical institutions was against its policies.

Furthermore, LockBit has targeted medical institutions where their attacks could lead to a patient’s death before, such as its attack on the Centre Hospitalier Sud Francilien in France, where it leaked patient data after the victim refused to pay a $10 million ransom.

While the ransomware group’s policies do allow the theft of data from any medical institution provided that there is no risk of death, the attack delayed treatments and surgeries to patients which put their health and lives at risk.

In what is believed to be an unrelated incident, SickKids announced on Sunday that it had to take down two websites after “potential unusual activity” was detected.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.