Last updated on April 19th, 2024 at 02:37 am
Earlier this week, Keystone Smiles, a daycare and community learning center based in Knox, Pennsylvania, became a victim of the LockBit ransomware group.
Ransomware works by stealing data from a victim’s computer and then encrypting the original files so that the victim cannot access them. Ransomware operators inform the victim they must pay a hefty ransom to decrypt the files and stop the criminals from publicly leaking the stolen data.
As reported by security researcher Dominic Alvieri, LockBit posted an entry for the daycare center on its data leak site, indicating it would release the stolen files on May 15th if the ransom went unpaid.
However, Alvieri later reported that LockBit decided to delete the stolen data and offer the decryptor to the daycare for free. So why the sudden change of heart?
LockBit rents out its malware to other criminals in a ransomware-as-service operation. When those criminals successfully extort payment from their victims, LockBit takes a cut. However, it has certain standards it expects its criminal partners to meet. One of them appears to be not targeting children.
The LockBit administrator offered the following comment on the Keystone Smiles attack: “Please forgive me for allowing the attack on small innocent children, the stolen data has been deleted, to get the decryptor please give me the decryption id. I am very ashamed, but I cannot control all partners, anyone can join my affiliate program as well as break the rules, I have blocked this partner.”
This is not the only time LockBit has apologized when children were targeted by its ransomware. Just this week, it extended the exact same apology and offer to the Olympia Community Unit School District 16, who had been targeted by a LockBit partner earlier this year. And in January it apologized after hitting Sick Kids hospital in Toronto and gave them a free decryptor.
Shortly after the apology to Keystone Smiles, however, Alvieri reported an entry for an Italian hospital appeared on its data leak site. And in case you thought the ransomware gang had grown a conscience, an apology for that attack, along with a free decryptor, has not yet been made.