[Canada] Rare apology from ransomware group over 'partner' role in SickKids attack

[Canada] Rare apology from ransomware group over 'partner' role in SickKids attack
06 Jan 2023

Global ransomware operator LockBit has issued a rare apology after claiming one of its "partners" was behind a cyberattack on Canada's largest pediatric medical centre, CBC reports.

LockBit - a ransomware group the FBI has called one of the most active and destructive in the world - posted a brief statement on what cybersecurity experts say is its data leak site. The statement claimed LockBit has blocked its partner, responsible for the attack on Toronto's Hospital for Sick Children, and offered the code to restore the system.

On January 1 SickKids acknowledged that it was aware of the statement and said it was consulting experts to "validate and assess the use of the decryptor," adding it has not made a ransom payment.

The hospital has reportedly said last month's attack delayed lab and imaging results, took out phone lines and shut down the staff payroll system.

It says 60 per cent of its priority systems have since been brought back online and that restoration efforts are "progressing well."

Cybersecurity experts reportedly said that even if SickKids decides to use a decryptor, it will face the often lengthy and costly task of fully restoring the systems and potentially rebuilding its cybersecurity architecture to prevent another attack.

Growing threat of cyber attacks on health organisations

The Canadian Centre for Cyber Security - under the national cryptologic agency the Communications Security Establishment (CSE) - reportedly said it is aware of reports regarding the cyber security incident at SickKids but cannot comment on specific incidents.

However, it highlighted the fact that cyber threats continue to remain a "persistent threat" to the Canadian government, non-government organisations and critical infrastructure.

"Generally speaking, the Cyber Centre has noticed an increase in cyber threats during the COVID-19 pandemic, including the threat of ransomware attacks on the country's front-line health-care and medical research facilities," a statement from CSE spokesperson Evan Koronewski said.

"Since March 2020, over 400 healthcare organizations in Canada and the United States experienced a ransomware attack."

Mr Koronewski says cybercriminals typically cast a "wide net" and don't usually have specific targets but added that some criminals have started to place more resources into zeroing in on "larger and more financially lucrative" targets that cannot tolerate disruptions and are likely willing to pay large ransom amounts to restore operations.

"CSE and the Cyber Centre continue to monitor for any developing cyber threats and share threat information with our partners and stakeholders to help prevent future incidents," he said.

"We encourage Canadians and Canadian organizations to be aware of ransomware threats and be vigilant."

 

Source: CBC

(Quotes via original reporting)

Global ransomware operator LockBit has issued a rare apology after claiming one of its "partners" was behind a cyberattack on Canada's largest pediatric medical centre, CBC reports.

LockBit - a ransomware group the FBI has called one of the most active and destructive in the world - posted a brief statement on what cybersecurity experts say is its data leak site. The statement claimed LockBit has blocked its partner, responsible for the attack on Toronto's Hospital for Sick Children, and offered the code to restore the system.

On January 1 SickKids acknowledged that it was aware of the statement and said it was consulting experts to "validate and assess the use of the decryptor," adding it has not made a ransom payment.

The hospital has reportedly said last month's attack delayed lab and imaging results, took out phone lines and shut down the staff payroll system.

It says 60 per cent of its priority systems have since been brought back online and that restoration efforts are "progressing well."

Cybersecurity experts reportedly said that even if SickKids decides to use a decryptor, it will face the often lengthy and costly task of fully restoring the systems and potentially rebuilding its cybersecurity architecture to prevent another attack.

Growing threat of cyber attacks on health organisations

The Canadian Centre for Cyber Security - under the national cryptologic agency the Communications Security Establishment (CSE) - reportedly said it is aware of reports regarding the cyber security incident at SickKids but cannot comment on specific incidents.

However, it highlighted the fact that cyber threats continue to remain a "persistent threat" to the Canadian government, non-government organisations and critical infrastructure.

"Generally speaking, the Cyber Centre has noticed an increase in cyber threats during the COVID-19 pandemic, including the threat of ransomware attacks on the country's front-line health-care and medical research facilities," a statement from CSE spokesperson Evan Koronewski said.

"Since March 2020, over 400 healthcare organizations in Canada and the United States experienced a ransomware attack."

Mr Koronewski says cybercriminals typically cast a "wide net" and don't usually have specific targets but added that some criminals have started to place more resources into zeroing in on "larger and more financially lucrative" targets that cannot tolerate disruptions and are likely willing to pay large ransom amounts to restore operations.

"CSE and the Cyber Centre continue to monitor for any developing cyber threats and share threat information with our partners and stakeholders to help prevent future incidents," he said.

"We encourage Canadians and Canadian organizations to be aware of ransomware threats and be vigilant."

 

Source: CBC

(Quotes via original reporting)