All stores in Western Canada were forced to close last month after London Drugs was attacked by a group of cybercriminals. The cybercriminals are demanding $25 million and have threatened to release the company’s data if they fail to pay.
London Drugs told our media team that it found out cybercriminals on the dark web stole files from its head office, and some of those files might have some employees information.
The company hasn’t found any proof that the patients, customers, or main employees’ information has been stolen, but they are still looking into the cyberattack.
London Drugs didn’t say the name of the criminal group, but the cyber expert Brett Callow thinks it was LockBit. LockBit is known for doing a lot of ransomware attacks.
Callow told CTV News that Emsisoft’s trackers found out about the ransom “pretty fast” by gathering information from the dark web.
LockBit says it will share data it says it took from London Drugs in 48 hours if London Drugs doesn’t give them $25 million. The post also says that London Drugs has said they will pay $8 million.
London Drugs said they don’t want to pay money to the cybercriminals.
“We know that these criminals might release London Drugs corporate files that they stole, some of which could have employee information, on the Dark Web. ” This is very upsetting, and London Drugs is doing everything it can to reduce the impact of these criminal acts.
London Drugs told all their employees about a possible security problem and gave them two years of free credit monitoring and identity theft protection, even if their information wasn’t stolen.
Callow said that London Drugs made the right choice by not paying the ransom.
He said there’s no promise that LockBit would actually delete the data if London Drugs gives in. Law enforcement has found that LockBit servers still had data from companies that paid to have it deleted before.
“He said they can’t be trusted and are not honest. ”
LockBit and its partners have used their ransomware to forcefully take $120 million from many people and organizations. Some of the victims include Boeing, Britain’s National Health Service, and China’s largest bank. This information was reported by The Associated Press.
It asks for money in exchange for the release of the hostages, ranging from tens of thousands to tens of millions of dollars.
He said that London Drugs can only help their employees if their information has been stolen and hope that the police can catch the people behind LockBit.
In 2023, cybercriminals got $1.1 billion in ransom, as said by crypto-tracing company Chainalysis. “Most of the money would have been paid by American companies. ” Callow said, “and Canada. ”
“Many victims say the attacks were complicated, but most ransomware attacks happen because of simple security mistakes. Organizations can do things to lower the chances of being attacked,” he said.
London Drugs said they will not do any interviews on Tuesday.
Date:
Hackers threaten to release London Drugs’ data if it refuses to pay $25 million
