Warm-hearted Lockbit Ransomware Group

An Illinois based school suffered a ransomware attack and was reported to be working closely with a cybersecurity insurance firm to determine the extent of damage that it had sustained.

Olympia Community Unit School District 16 – the largest school district in Illinois, realised on Sunday February 26, 2023, that it had suffered a ransomware attack, after being targeted by an affiliate of the notorious LockBit ransomware group.

LockBit’s leak site on the dark web began to count down to 12 April, when it said it would release all of the exfiltrated data – unless a ransom was paid.

LockBit, like many other ransomware operations, offers what is effectively a ransomware-as-a-service business. It allows affiliates to deploy its ransomware and use its infrastructure when launching extortion attacks against businesses and organisations.

It appears that the affiliates who launched the ransomware attack against Olympia Community Unit School District 16 are not in LockBit’s good books, as the group has expressed remorse for the hacking into servers used by innocent school children.

LockBit’s admin updated its leak site with an apology to the school district, offering a free decryption key, and claimed that the affiliate responsible had been barred from using the ransomware in future:

“Please forgive me for allowing the attack on small innocent children, the stolen data has been deleted, to get the decryptor please give me the decryption id. I am very ashamed, but I can not control all partners, anyone can join my affiliate program as well as break the rules, I have blocked this partner.”