Lockbit is a hacker group that has existed since 2019 and is currently one of the most active.
In this case, the group locked up many of the corporate systems, phone lines, and the website of a children's hospital called SickKids. The hacker group has publicly apologized and released a free decryptor so the hospital can get back to normal.
It is assumed that one of the gang's members launched ransomware that blocked 50% of the hospital's systems. It took two days for Lockbit to publicly apologize and announce that the partner who attacked the hospital has been blocked and is no longer part of its organization. Along with this message, a free decryptor was shared so that the hospital could return to normal operation as quickly as possible and without making a ransom payment. The hospital, for its part, sent the decryptor to third-party experts to be validated and evaluated, and it has made clear that it has not made any payment.
A few weeks ago we talked about the importance of not paying the ransom. Although hackers usually keep their word once the ransom is paid, paying has its downsides: first, they can attack again, and second, the ransom money finances future cyberattacks.
How did the ransomware get in?
At the moment this is unknown. The ransomware could have entered in many ways, but most likely it was due to an oversight or error by one of the workers, who opened a file or accessed an insecure website controlled by Lockbit. This infected their device and, as a consequence, crashed the hospital's systems. Employee awareness of cybersecurity is very important.
As for the Lockbit hacker group, they operate by deploying their malware against high-profile targets. According to prosecutors, they have attacked more than 1,000 organizations, pocketing millions of dollars in ransom payments. Some of these are hospitals, such as the Centre Hospitalier Sud Francilien (CHSF), where a ransom of 10 million dollars was demanded and where sensitive patient data ended up being leaked.
You can read more information about the attack and the Lockbit group here