A global ransomware operator has issued a rare apology after it claims one of its “partners” was behind a cyberattack on Canada’s largest pediatric medical centre.
LockBit, a ransomware group the U.S. Federal Bureau of Investigation has called one of the most active and destructive in the world, posted a brief statement on what cybersecurity experts say is its data leak site claiming it has blocked its partner responsible for the attack on Toronto’s Hospital for Sick Children and offering the code to restore the system.
SickKids acknowledged Sunday it was aware of the statement and says it was consulting experts to “validate and assess the use of the decryptor,” adding it has not made a ransom payment.
The hospital has said last month’s attack delayed lab and imaging results, knocked out phone lines and shut down the staff payroll system.
It says 60 per cent of its priority systems have since been brought back online and restoration efforts are “progressing well”.
Cybersecurity experts say even if SickKids decides to use a decryptor, they face the often lengthy and costly task of fully restoring the systems and potentially rebuilding their cybersecurity architecture to prevent another attack.