Lockbit is a hacking group that has been active since 2019 and is currently one of the most active.
In this case, the group locked down a large portion of the corporate systems, phone lines, and website of a children’s hospital called SickKids. The hacking group has publicly apologized and released a free decryption tool so the hospital can return to normal operations.
It is believed that one of the group’s members launched a ransomware attack that locked 50% of the hospital’s systems. It took Lockbit two days to issue a public apology and announce that the member who attacked the hospital has been blocked and is no longer part of their organization. Along with this message, a free decryptor was shared so the hospital could resume normal operations as quickly as possible without paying the ransom. The hospital had this decryptor validated and evaluated by third-party experts and made it clear that they have not made any payment.
A few weeks ago, we discussed the importance of not paying the ransom. Although hackers usually keep their word when the ransom is paid, this action has its downsides. They may attack again, and second, the ransom money is being used to fund future cyberattacks.
How did the ransomware get in?
At this point, it remains unclear; it could have entered in many ways, but the most likely scenario is that it resulted from an oversight or mistake by one of the employees, who opened a file or accessed an unsecured website controlled by Lockbit. This infected their device and, as a result, locked down the hospital’s systems. Employee awareness of cybersecurity is crucial.
As for the Lockbit hacker group, they operate by deploying their malware against high-profile targets. According to prosecutors, they have attacked more than 1,000 organizations and have pocketed millions of dollars in ransom payments. Some of these are hospitals, such as the Center Hospitalier Sud Francilien (CHSF), where a $10 million ransom was demanded, which ultimately led to the leak of sensitive patient data.
You can read more about the attack and the Lockbit group here
