Sick Kids in Toronto is the leading hospital for children and research in Canada. It was recently attacked by hackers and was the victim of ransomware.
It was nice to see that the LockBit gang has taken this step.
This really is good news. It's not the kind of story I want to hear, but at least they did the right thing this time.
The news doesn't raise my low opinion of LockBit (or Conti or other RaaS scum). At best, this is the same response you would expect from a spoiled 12-year-old who realizes their vandalism can cause real harm. I more suspect their response is the rationalization of a sociopath who can't stand to look in the mirror. "Wait, wait, we're not that bad." Yes, you are that bad. Behind every cyberattack, there is real harm that eventually trickles down to the most vulnerable. While LockBit may lack the intellect and morals to perceive that fact, what makes this crew (and others like it) especially despicable is their parasitic business model of taking a cut from "affiliates." They are the pimps of ransomware.
In the grand scheme, this incident helps illustrate the increasing coordination and organization of cybercrime. Although ... arguably, it also illustrates the flawed risk assessments of using technology to save a little money here but ending up with a remarkably vulnerable infrastructure.
I tend to be very forgiving of people who come clean after a mistake or mature out of naïve behavior, but this is neither. At best, I view it as a public relations stunt.
No amount of tweaking will change the fact that their business model is illegal and unethical. The very first step to making amends would be to do as the Maze ransomware authors did. Release all decryption keys, nuke the code repositories and promise to forever leave the business.
I keep trying to come up with the middle ground (e.g., free unlock keys for all of emergency/health services) but in the end I cannot get past the fact that this action neither moves LockBit towards "higher ground" nor makes the impacted hospital whole. The hospital still has a ~2 week outage to recover from, they still have remediation work to complete, and the reputational damage remains.