For RaaS Groups, Are Ethics a Selling Point?


Katherine Gorham
January 25, 2023

For RaaS Groups, Are Ethics a Selling Point?

The LockBit ransomware operators have had a busy new year, with a notable attack on Britain’s Royal Mail that disrupted the postal service’s ability to send international letters and parcels: Royal Mail ransomware attackers threaten to publish stolen data. However, it seems that there are some targets LockBit feels should be off-limits.

When LockBit’s ransomware was used to target the SickKids Hospital in late December, LockBit took the unusual step of apologizing for the attack and providing a decryptor to the victims: Ransomware group LockBit apologizes saying ‘partner’ was behind SickKids attack.

LockBit is a Ransomware-as-a-Service (RaaS) provider. Part of what it does is to “rent” access to its malware to other hackers, in exchange for a percentage of any ransom they manage to extract from victims. This is a competitive environment, and hackers “appear to move between the operators frequently,” says Chester Wisniewski, a security researcher at Sophos. RaaS providers need a way to differentiate themselves from the competition, and it seems that LockBit is branding itself as … the ethical choice. Wait, what?

“LockBit’s apology … appears to be a way of managing its image,” Wisniewski said. 

LockBit ransomware has been used in many previous successful attacks on hospitals, so it’s not that health care is off-limits. It seems, however, that LockBit thinks that some of their partners “might see the attack on a children’s hospital as a step too far.”

LockBit claims that the affiliate who was behind the attack on the SickKids Hospital has been blocked from doing any more business with LockBit. It’s fascinating that losing the potential revenue from this one affiliate appears to be less of a concern than the reaction of LockBit’s other customers. However tempting it might be to get misty-eyed about honor among thieves, remember that this is a rare event, and there’s no guarantee that it will ever be repeated. Everyone who isn’t a children’s hospital is still very much a target.

Sign Up For Our Newsletter

Don't worry, we hate spam too!

Other Articles You May Be Interested In:

Get Help Preparing For; Preventing;

Or Recovering From Ransomware Now

Get The Latest On Ransomware 
Right In Your Inbox

Sign Up To Receive Our 
Monthly Ransomware Newsletter

© Future US LLC, Full 7th Floor, 130 West 42nd Street, New York, NY 10036
envelope linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram