Cybercriminals threaten to leak London Drugs data if it doesn't pay $25M ransom
Last month’s cyberattack on pharmacy and retail chain London Drugs that forced the closure of all its stores in Western Canada was orchestrated by a “sophisticated group of global cybercriminals” who are demanding a ransom—and say they’ll leak the company’s data if it doesn’t pay up.
In a statement to CTV News Tuesday, London Drugs said it has learned that it’s been “identified by cybercriminals on the dark web” as the victim of file theft from its corporate head office, and that some of those files may contain employee information.
The company said that to date it doesn’t appear that patient, customer or “primary employee” databases have actually been compromised, but the investigation into the cyberattack is ongoing.
In its statement, London Drugs did not name the criminal group behind the attack, but Brett Callow, a threat analyst at cybersecurity company Emsisoft identified it as LockBit, a prolific ransomware operation.
Callow told CTV News Emsisoft’s trackers found out about the ransom “fairly quickly” by pulling data off the dark web.
In a screenshot shared with CTV News, LockBit says it will release data it claims to have stolen from London Drugs in 48 hours if it does not pay $25 million. The post also claims that London Drugs has offered to pay $8 million.
London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information on the Dark Web. This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts,” the statement continues.
London Drugs says it notified all current employees of the potential breach and offered 24 months of free credit monitoring and identity theft services, regardless of whether or not any of their data was ultimately stolen.
Callow said that London Drugs made “absolutely the right decision” by refusing to pay the ransom.
There’s no guarantee LockBit would delete the data if London Drugs capitulates, he explained, adding that law enforcement has previously found LockBit servers containing data from multiple companies that paid to have it erased.
“They are untrustworthy, bad-faith actors,” he said.
LockBit, through affiliates using its ransomware tools, has extorted $120 million from thousands of victims since 2019, which include airplane manufacturer Boeing, Britain’s National Health Service and China’s biggest bank, according to The Associated Press.
Its ransom demands range from the tens of thousands of dollars to tens of millions, Callow said.
He added that all London Drugs can do now is to support employees whose information may be compromised and hope law enforcement agencies take down LockBit.
Overall, cybercriminals collected $1.1 billion in ransom in 2023, according to crypto-tracing firm Chainalysis. “The bulk of that would have been paid by companies in the U.S. and Canada,” Callow said.
“Victims often claim that the attacks were sophisticated, but most ransomware attacks succeed because of fairly basic security failings, so there are absolutely things organizations can do to reduce the likelihood of becoming the next victim,” he said.
London Drugs said it would not give any interviews Tuesday.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6936072.1718986689!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
Job losses and killer robots: The 'Godfather of AI' describes plenty to fear, but there may be room for hope
University of Toronto computer scientist Geoffrey Hinton describes plenty to fear with AI, but with visions of combat drones, mass surveillance and robot overlords ahead, there may be space for hope.
'I'm sorry, I'm just frustrated': Video appears to show man spit on MP
A video circulating online appears to show MP and former cabinet minister Marco Mendicino get spat on while on his way into a government building in Ottawa.
4 people found dead in southwestern Ontario town of Harrow
Ontario Provincial Police are investigating after four people were found dead in the town of Harrow, just south of Windsor. Officers were called to a residence on County Road 13 at approximately 1:30 p.m. on Thursday.
More than 100 stolen vehicles recovered in auto theft probe involving ServiceOntario employee: Toronto police
Toronto police say they have arrested four suspects and recovered more than 100 stolen vehicles as part of a months-long auto theft probe that involved a former ServiceOntario employee.
EXCLUSIVE ‘We were in danger’: Timmins, Ont., manhunt prompts questions from cottagers near shootout
Cottagers who live near the area where murder suspect Lucas MacDonald was captured say they didn't realize how much danger they were in.
Car dealerships in Canada, U.S. disrupted by multi-day outage after cyberattacks
CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks on Wednesday. That led to an outage that continued to impact many of their operations on Friday.
Shiny monolith removed from mountains outside Las Vegas. How it got there is still a mystery
A strange monolith found jutting out of the rocks in a remote mountain range near Las Vegas has been taken down by authorities.
It's the longest bridge ever built in Peru, and so far, it goes nowhere
It is the longest bridge ever built in Peru, a massive structure of cement and iron spanning the Nanay River as it connects to untouched areas of the Peruvian Amazon. So far, it goes nowhere.
Skin cancer signs: How can you tell if a suspicious spot is serious?
Doctors say changes in the skin are normal as you age, from spots of various colours to dark streaks in nails. But sometimes, they're not innocuous.