Cyberattackers are not completely heartless after all. The LockBit Ransomware Group issued an apology to the SickKids hospital, which is Canada's biggest pediatric hospital. The hacker group also sent a decryptor to make amends.

Hacker Group Draws the Line at Sick Kids

The ransomware group led a ransomware attack on December 18th, targeting the Hospital for Sick Children which left the institution with inaccessible critical systems. The attack made it difficult to tend to patients which increased patient wait times.

On December 29th, the hospital claimed to have regained access to 50 percent of its priority systems, which helped with the diagnostic and treatment delays SickKids experienced, as mentioned by Engadget.

The ransomware group issued a public apology and offered a decryptor for free. The hacker group reasoned that it was a partner who initiated the attack on the hospital, and that he/she has since been blocked and is no longer in their affiliate program.

The decryptor file which was given for free appeared to be a Linux/VMware ESXi. Since it did not contain a Windows decryptor, it could mean that the hackers only encrypted virtual machines on SickKids's network.

LockBit Ransomware claims to avoid medical institutions as the encryptions could lead to denying information that could cost someone their life. Although, they still go for pharmaceutical companies, dentists, plastic surgeons, or other non-emergent institutions in the medical field.

The areas that are off-limits are said to be cardiology centers, neurosurgical departments, maternity hospitals, or any institutions that require high-tech equipment to perform surgical procedures, according to Bleeping Computer.

Read Also: LockBit Gang Takes Credit for Port of Lisbon Ransomware Attack

How is the Hospital Faring?

A recent report from the hospital claimed that they had restored around 60% of their systems. The hospital was working with third-party security experts to assess and validate the decryptor, which was suspiciously provided two weeks after the attack.

According to the tweet by SickKids Hospital, the restoration efforts are still ongoing and are progressing well. They also noted that there was no evidence that personal or personal healthcare information was impacted or leaked.

The hospital has not made any payments to the hacker group. They also expressed that they can't provide additional information about the nature of the attack, but that they will share updates on their website and on Twitter.

This wasn't the first time that a ransomware group had a change of heart. In May 2021, the Conti Ransomware Group also gave away a free decryptor to Ireland's national health service, but only after being pressured by international law enforcement's efforts.

This SickKids incident does not paint the ransomware in a good light since they have also done this before. They initiated a cyberattack against the Center Hospitalier Sud Francilien, where they demanded $10 million. They eventually leaked patient data when the hospital failed to pay.

Not only did the ransomware attack affect the hospital's systems, but it also led to them transferring patients to other medical centers which led to delays in surgeries. This could contribute to risks of postponed care for patients that had emergency surgical needs.

Related: Authorities Arrest Possible LockBit Ransomware Gang Member in Canada