Cybercriminals threaten to leak London Drugs data if it doesn't pay $25M ransom
Last month’s cyberattack on pharmacy and retail chain London Drugs that forced the closure of all its stores in Western Canada was orchestrated by a “sophisticated group of global cybercriminals” who are demanding a ransom—and say they’ll leak the company’s data if it doesn’t pay up.
In a statement to CTV News Tuesday, London Drugs said it has learned that it’s been “identified by cybercriminals on the dark web” as the victim of file theft from its corporate head office, and that some of those files may contain employee information.
The company said that to date it doesn’t appear that patient, customer or “primary employee” databases have actually been compromised, but the investigation into the cyberattack is ongoing.
In its statement, London Drugs did not name the criminal group behind the attack, but Brett Callow, a threat analyst at cybersecurity company Emsisoft identified it as LockBit, a prolific ransomware operation.
Callow told CTV News Emsisoft’s trackers found out about the ransom “fairly quickly” by pulling data off the dark web.
In a screenshot shared with CTV News, LockBit says it will release data it claims to have stolen from London Drugs in 48 hours if it does not pay $25 million. The post also claims that London Drugs has offered to pay $8 million.
London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information on the Dark Web. This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts,” the statement continues.
London Drugs says it notified all current employees of the potential breach and offered 24 months of free credit monitoring and identity theft services, regardless of whether or not any of their data was ultimately stolen.
Callow said that London Drugs made “absolutely the right decision” by refusing to pay the ransom.
There’s no guarantee LockBit would delete the data if London Drugs capitulates, he explained, adding that law enforcement has previously found LockBit servers containing data from multiple companies that paid to have it erased.
“They are untrustworthy, bad-faith actors,” he said.
LockBit, through affiliates using its ransomware tools, has extorted $120 million from thousands of victims since 2019, which include airplane manufacturer Boeing, Britain’s National Health Service and China’s biggest bank, according to The Associated Press.
Its ransom demands range from the tens of thousands of dollars to tens of millions, Callow said.
He added that all London Drugs can do now is to support employees whose information may be compromised and hope law enforcement agencies take down LockBit.
Overall, cybercriminals collected $1.1 billion in ransom in 2023, according to crypto-tracing firm Chainalysis. “The bulk of that would have been paid by companies in the U.S. and Canada,” Callow said.
“Victims often claim that the attacks were sophisticated, but most ransomware attacks succeed because of fairly basic security failings, so there are absolutely things organizations can do to reduce the likelihood of becoming the next victim,” he said.
London Drugs said it would not give any interviews Tuesday.
CTVNews.ca Top Stories
Oilers force Game 7 of Stanley Cup final with 5-1 win over Panthers
The Oilers are one win from history. The Panthers are one loss from infamy. Zach Hyman scored his playoff-leading 16th goal and Stuart Skinner made 20 saves as Edmonton defeated Florida 5-1 on Friday to force Game 7 in the Stanley Cup final.
Where is Louis Riel? Heritage Minute of Métis leader quietly removed
A decision to quietly remove a decades-old Heritage Minute on Louis Riel has left some in the Métis community scratching their heads, as questions are raised about how Canada's history is portrayed.
Heritage minister views next election as a referendum on Canadian cultural reforms
Minister of Canadian Heritage Pascale St-Onge says the next federal election could become a referendum on Canadian culture and the trio of legislative measures the Liberals have advanced to try to protect it.
Billionaire businessman James K. Irving dead at 96
The family of Canadian billionaire businessman James K. Irving has announced his death at the age of 96, just over a month after the death of his younger brother, Arthur.
'Reckless in the extreme': Lamborghini driver convicted for crash while passing Toronto streetcar
A Lamborghini driver who tried to pass a Toronto streetcar at three times the speed limit, striking several parked cars and totalling his own vehicle, has been found guilty of dangerous driving causing bodily harm.
Pedestrian killed on Hwy. 97 following bus crash that caused 'numerous' injuries
A pedestrian was struck and killed on Highway 97 in the B.C. Interior early Friday afternoon as emergency crews were responding a school bus crash that caused “numerous” injuries to those on board.
4 people found dead in southwestern Ontario town of Harrow
Ontario Provincial Police are investigating after four people were found dead in the town of Harrow, just south of Windsor. Officers were called to a residence on County Road 13 at approximately 1:30 p.m. on Thursday.
4 members of a billionaire family get prison in Switzerland for exploiting domestic workers
An Indian-born billionaire and three family members were sentenced to prison on Friday for exploiting domestic workers at their lakeside villa in Switzerland by seizing their passports, barring them from going out and making them work up to 18 hours a day.
MP Marco Mendicino spat on by man in Ottawa
A video circulating online shows MP and former cabinet minister Marco Mendicino get spat on while on his way into a government building in Ottawa.