Yesterday we spoke with Lockbit ransomware group administrative staff regarding one of their affiliates attacking KHO (Katholische Hospitalvereinigung Ostwestfalen), a German hospital network. This attack has shut down 1,842 hospital beds, 23 specialist departments, and made it difficult to work for over 820 health professionals.
Lockbit administration has agreed to further investigate the situation and evaluate the circumstances of the victim. However, in order to investigate this, Lockbit administration needs the decryption ID provided to the victim (KHO) which was listed in the ransomware note on the victims machine(s).
If Lockbit administration rules this attack violated their terms of service they will issue a decryptor to the healthcare facility for free.
If any of you have the decryption ID which was present in the ransomware note, please give it to us.
Thank you.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
