Hackers release corporate data stolen from London Drugs
Retailer London Drugs says cybercriminals who stole files from its corporate head office last month have released some of the data after it refused to pay a ransom.
The Richmond, B.C.-based company says in a statement the files may contain "some employee information," calling it a "deeply distressing" situation.
London Drugs was responding to a social media post by Brett Callow, a B.C.-based threat analyst with anti-virus software company Emsisoft, which said the hacking group LockBit had released what it claimed was the company's data.
Lockbit has been described by British authorities as "the world's most harmful cybercrime group."
Callow said LockBit released more than 300 gigabytes of data on Thursday, describing it as an "absolutely huge amount" of information that could represent hundreds of thousands or possibly even millions of individual records.
He said that if the data proved to be from London Drugs, the move suggested LockBit had "given up" on being able to monetize the attack. The release also showed the hackers' future victims what could happen if they refused to pay up, Callow said.
The statement from London Drugs said it was "unwilling and unable" to pay a ransom to hackers it described as "a sophisticated group of global cybercriminals."
It said London Drugs was notifying employees whose personal information may have been affected and offering them credit monitoring and identity theft protection services.
The company said there was no indication any patient or customer databases were compromised in the breach that forced London Drugs to shut down its stores across Western Canada after it was discovered on April 28.
It said it was reviewing the files that may have been stolen and it would contact affected employees to tell them what personal information had been compromised.
Callow said London Drugs employees who were worried about the potential release of their personal information should be "very skeptical" of any communications they receive and avoid clicking on links in any unfamiliar text messages or emails.
He said it was possible that leaked data could be downloaded and used for identity-related fraud, but there was no evidence this was happening routinely with such releases.
"For the most part, the data simply seems to sit there and generally not be misused. So this isn't a no-risk situation by any means for the individuals whose information has been compromised, but the good news is that it is fairly low risk."
Callow said the National Crime Agency of the United Kingdom led a consortium of law enforcement agencies in disrupting LockBit's activities in February.
At the time, a statement from the agency said it had infiltrated LockBit's network and taken control of its services, "compromising their entire criminal enterprise."
It described LockBit as "the world's most harmful cybercrime group," providing a global network of hackers with the tools they need to carry out attacks.
A subsequent statement issued earlier this month identified a man from Russia as the "administrator and developer of the LockBit ransomware group."
It said the man would be subject to a series of asset freezes and travel bans, and U.S. authorities were offering a reward of up to US$10 million for information leading to his arrest and conviction.
The agency said LockBit had "attempted to rebuild," but the group was running at limited capacity and the global threat it poses was "significantly reduced."
Still, it said the group had created a "new leak site."
The statement said data obtained from LockBit systems showed hackers conducted more than 7,000 attacks using their services between June 2022 and last February.
The Canadian RCMP is listed among law enforcement agencies around the world that have participated in the taskforce targeting LockBit.
It's very difficult for police in Canada to pursue cybercriminals, such as those behind LockBit, who are based outside the country, Callow said in an interview.
Russia doesn't extradite its citizens, he noted.
The hardest-hit countries in the attacks were the United Kingdom, United States, France, Germany and China, the U.K. agency said.
London Drugs closed all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba when it became aware of the cyberattack.
All of the stores weren't open again until May 7.
The attack was part of a series of hacking incidents that included what the B.C. government called a "sophisticated" attempt by criminals to breach its systems.
This report by The Canadian Press was first published May 23, 2024.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6976871.1721873052!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
DEVELOPING Jasper updates: 'Significant loss' within Jasper townsite
One of two wildfires threatening Jasper National Park has reached the townsite.
Alberta calls in army to assist with wildfire situation
Alberta has called in the Canadian Armed Forces to help assist with the worsening wildfire situation in the province.
Biden explains why he ended re-election bid in Oval Office address
U.S. President Joe Biden on Wednesday delivered a solemn call to voters to defend the country's democracy as he laid out in an Oval Office address his decision to drop his bid for reelection and throw his support behind Vice President Kamala Harris.
Barrie-Innisfil MPP 'blacked-out' and crashed car into window of child care centre
Staff at a Barrie child care centre say they are frustrated by what they call a local MPP's inadequate response after a car crashed through a window in one of the toddler rooms.
Norad intercepts Russian and Chinese bombers operating together near Alaska in apparent first
The North American Aerospace Defence Command (Norad) intercepted two Russian and two Chinese bombers flying near Alaska Wednesday in what appears to be the first time the two countries have been intercepted while operating together.
2 Canadians being 'sent home immediately,' removed from Olympic team after drone incident
An analyst and an assistant coach with Canada Soccer are being removed from the Canadian Olympic Team and 'sent home immediately,' according to the Canadian Olympic Committee.
An unwelcome attendee has joined the Paris Olympic Games: COVID-19
After a handful of Australian water polo players tested positive for COVID-19 this week, questions have emerged around how the spread of the disease will be mitigated at the Summer Olympic Games in Paris.
Vacations, meals, booze: Contractor used $100K of charity's money for personal expenses, B.C. court finds
A B.C. man who was hired to help a non-profit build a food hub but instead spent the money on personal expenses – including travel, restaurants, booze and cannabis – has been ordered to pay more than $120,000 in damages.
Male, female killed, 2 others injured in 'gun battle' outside Toronto plaza: police
Two people are dead and two others suffered serious injuries following a shooting that police have described as a 'gun battle' outside a plaza in Scarborough, Ont. early Wednesday morning.