Cybercriminals threaten to leak London Drugs data if it doesn't pay $25M ransom
Last month’s cyberattack on pharmacy and retail chain London Drugs that forced the closure of all its stores in Western Canada was orchestrated by a “sophisticated group of global cybercriminals” who are demanding a ransom—and say they’ll leak the company’s data if it doesn’t pay up.
In a statement to CTV News Tuesday, London Drugs said it has learned that it’s been “identified by cybercriminals on the dark web” as the victim of file theft from its corporate head office, and that some of those files may contain employee information.
The company said that to date it doesn’t appear that patient, customer or “primary employee” databases have actually been compromised, but the investigation into the cyberattack is ongoing.
In its statement, London Drugs did not name the criminal group behind the attack, but Brett Callow, a threat analyst at cybersecurity company Emsisoft, identified it as LockBit, a prolific ransomware operation.
Callow told CTV News that Emsisoft’s trackers found out about the ransom “fairly quickly” by pulling data off the dark web.
In a screenshot shared with CTV News, LockBit says it will release data it claims to have stolen from London Drugs in 48 hours if it does not pay $25 million. The post also claims that London Drugs has offered to pay $8 million.
London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information on the Dark Web. This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts,” the statement continues.
London Drugs says it notified all current employees of the potential breach and offered 24 months of free credit monitoring and identity theft services, regardless of whether or not any of their data was ultimately stolen.
Callow said that London Drugs made “absolutely the right decision” by refusing to pay the ransom.
There’s no guarantee LockBit would delete the data if London Drugs capitulates, he explained, adding that law enforcement has previously found LockBit servers containing data from multiple companies that paid to have it erased.
“They are untrustworthy, bad-faith actors,” he said.
LockBit, through affiliates using its ransomware tools, has extorted $120 million since 2019 from thousands of victims, including airplane manufacturer Boeing, Britain’s National Health Service and China’s biggest bank, according to The Associated Press.
Its ransom demands range from the tens of thousands of dollars to tens of millions, Callow said.
He added that all London Drugs can do now is to support employees whose information may be compromised and hope law enforcement agencies take down LockBit.
Overall, cybercriminals collected $1.1 billion in ransom in 2023, according to crypto-tracing firm Chainalysis. “The bulk of that would have been paid by companies in the U.S. and Canada,” Callow said.
“Victims often claim that the attacks were sophisticated, but most ransomware attacks succeed because of fairly basic security failings, so there are absolutely things organizations can do to reduce the likelihood of becoming the next victim,” he said.
London Drugs said it would not give any interviews Tuesday.