Earlier this morning we broadcasted a message wanting information on the ransomware attack against Katholische Hospitalvereinigung Ostwestfalen (KHO), a healthcare network in Germany. This attack resulted in the shutdown of over 1,800 hospital beds, 23 specialist departments, and over 800 healthcare professionals being unable to work.
We spoke with many professionals in Germany and coordinated a conversation with Lockbit ransomware group administrative staff.
We discovered, and confirmed in more ways than one, this was not an attack performed by Lockbit ransomware group. This was an attack performed by a group of unknown individuals using the leaked Lockbit Black ransomware builder, which was leaked in April, 2023. This is why the KHO healthcare network has not been listed on the Lockbit ransomware group website.
Lockbit ransomware group administration expressed their frustration to us - they were unhappy someone was using their leaked builder and using their branding.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
