Advertisement

London Drugs hackers seek millions in ransom on claims of stolen employee data

Click to play video: 'London Drugs ‘unwilling and unable’ to pay ransom demanded by hackers'
London Drugs ‘unwilling and unable’ to pay ransom demanded by hackers
WATCH: London Drugs says it is "unwilling and unable" to pay the $25 million ransom demanded by cybercriminals who breached the Western Canadian pharmacy and retailer's computer systems in April, which prompted the company to close all of its 79 stores for several days. Heather Yourex-West explains what this could mean for London Drugs' staff and customers. – May 22, 2024

London Drugs has confirmed that the cybersecurity breach that forced it to close stores across Western Canada for more than a week was a ransomware attack.

In a statement, the company said there remained no indication that customer or “primary employee” data was accessed. But it confirmed that the attackers were able to steal files from its corporate head office, some of which may include employee information.

Click to play video: 'Cybercriminals may release London Drugs data if ransom demands not met'
Cybercriminals may release London Drugs data if ransom demands not met

“London Drugs is unwilling and unable to pay ransom to these cybercriminals,” the company said.

Story continues below advertisement

“London Drugs is taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted.”

The attackers are seeking a ransom of $25 million and threatening to post the stolen data on the dark web, according to threat analyst Brett Callow, with New Zealand-based cybersecurity company Emsisoft.

Click to play video: 'London Drugs cyberattack recovery'
London Drugs cyberattack recovery

Callow said notorious ransomware operation LockBit has claimed responsibility on its dark web extortion website.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

LockBit has claimed London Drugs offered to pay $8 million but says it will release the stolen data if it isn’t paid the full amount within 48 hours, according to its post. London Drugs is not confirming any details about the ransom demands.

“LockBit has been one of the most prolific ransomware operations since 2019. They have launched successful attacks against thousands of organizations,” Callow said.

Story continues below advertisement

“They are known to have reaped more than $100 million in ransom demands.”

Click to play video: 'London Drugs stores reopening after ‘cybersecurity incident’'
London Drugs stores reopening after ‘cybersecurity incident’

Callow said the U.K. National Crime Agency, working with international law enforcement, successfully disrupted LockBit in February.

That operation led to the arrest of two people in Poland and Ukraine and the seizure of 200 cryptocurrency accounts.

U.K. officials also unmasked the organization’s kingpin as Russian national Dmitry Khoroshev. who is now the subject of a $10 million reward posted by U.S. authorities.

“That acted as a speedbump for sure, but they do seem to still be active,” he said, adding that extraditing Khoroshev from Russia is essentially impossible.

Click to play video: 'London Drugs investigates cyberattack and possible impact on personal information'
London Drugs investigates cyberattack and possible impact on personal information

Callow said London Drugs was likely not unique as a target, explaining that ransomware attacks are “low effort” and deployed against numerous targets who the attackers believe may be able to pay.

Story continues below advertisement

The cyber racket is believed to have cost businesses as much as $1 billion last year alone, he said.

“The absolute best path is the one that London Drugs has taken, to refuse to pay,” he said.

“These people are untrustworthy bad faith actors, there is no guarantee that paying the demand will result in you either getting a key to decrypt your data or that whatever data was stolen will be deleted.”

Click to play video: 'London Drugs cybersecurity concerns continue'
London Drugs cybersecurity concerns continue

London Drugs reopened its 79 stores across Western Canada on May 7, after painstakingly rebuilding systems targeted in the April 28 attack.

The company said Tuesday it was not able to provide specifics on the nature or extent of potentially affected employee personal information.

“Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform,” it said.

Story continues below advertisement

It said it has proactively notified all current employees and is offering 24 months of credit monitoring and identity theft protection services.

The company added it will directly contact affected employees to notify them if any personal information was compromised.

Editor’s note: This is a corrected story. A previous version incorrectly reported Brett Callow’s title and Emsisoft’s location.

 

Sponsored content

AdChoices