Cybercriminals Threaten To Leak London Drugs Data

Cybercriminals threaten to leak London Drugs data if it doesn’t pay $25M ransom. Last month’s cyberattack on pharmacy and retail chain London Drugs, which forced the closure of all its locations in Western Canada, was perpetrated by a “sophisticated group of global cybercriminals” who are demanding a ransom—and threatening to release the company’s data if it does not pay.

London Drug statement about the cyberattack:

In a statement to CTV News on Tuesday, London Drugs stated that it had been “identified by cybercriminals on the dark web” as the victim of file theft from its corporate headquarters, with some of those files potentially containing employee information.

According to the organization, no patient, customer, or “primary employee” databases appear to have been compromise as of yet, although the cyberattack is still being investigated.

Suspected group behind the attack:

London Drugs did not name the criminal group responsible for the attack in its statement, but Brett Callow, a threat analyst at cybersecurity firm Emsisoft, recognized it as LockBit, a prominent ransomware operation.

Corporate data from London Drugs, some of which may contain employee information, are available on the Dark Web. This is profoundly troubling, and London Drugs is taking all feasible steps to alleviate the consequences of these criminal activities,” the statement says.

Initiatives taking by London Drug:

London Drugs claims it will notify all existing workers of the potential breach and give 24 months of free credit monitoring and identity theft services, regardless of whether any of their data was eventually stolen.

Callow stated that London Drugs made “absolutely the right decision” in refusing to pay the ransom.

There is no guarantee that LockBit will remove the data if London Drugs surrenders, he continued, noting that law enforcement has already discovered LockBit servers storing data from various organizations that paid to have it erased.

“They are untrustworthy, bad-faith actors,” he stated.

LockBit has extorted $120 million from thousands of victims since 2019, including Boeing, Britain’s National Health Service, and China’s largest bank, according to The Associated Press.

According to Callow, the ransom demands range from tens of thousands to tens of millions of dollars.

He stated that all London Drugs can do now is support employees whose information may have been expose and hope that law enforcement agencies take LockBit down.

Cybercriminals received $1.1 billion in ransom in 2023, according to crypto-tracing firm Chainalysis. “The bulk of that would have been paid by companies in the U.S. and Canada,” Callow stated.

“Victims often claim that the attacks were sophisticated, but most ransomware attacks succeed because of fairly basic security failings, so there are absolutely things organizations can do to reduce the likelihood of becoming the next victim,” he stated.

London Drugs said it would not do any interviews on Tuesday.