Canadian pharmacy chain London Drugs has confirmed that ransomware thugs stole some of its corporate files containing employee information and says it is “unwilling and unable to pay ransom to these cybercriminals.”
In a statement to The Register, the British Columbia-based biz described the April 28 intrusion, which it had previously called a “cybersecurity incident,” as an “attack orchestrated by a sophisticated group of global cybercriminals.”
The digital break-in forced the closure of London Drugs’ 79 locations across British Columbia, Alberta, Saskatchewan, and Manitoba until May 7, although pharmacy staff hung around outside stores to fill vital prescriptions.
“As previously stated, we have no indication to date of any compromise of patient or customer databases; nor do our primary employee specific databases appear compromised. Should this change as the investigation continues, we will notify affected individuals in accordance with privacy laws,” the statement continued.
Ransomware crew LockBit is claiming responsibility for the attack on Tuesday and alleged that London Drugs was willing to pay $8 million. The extortionists have demanded $25 million by Thursday, and threatened to leak the stolen data if the pharmacy chain doesn’t pay up.
While London Drugs didn’t answer The Register‘s specific questions about the intrusion, including whether its execs had offered to pay $8 million, its statement said: “London Drugs is unwilling and unable to pay ransom to these cybercriminals.”
TIt did note that it is “aware that London Drugs has been identified by cybercriminals on the Dark Web as a victim of exfiltration of files from its corporate head office, some of which may contain employee information,” and that the crooks may publish the stolen data.
- London Drugs closes all of its pharmacies following ‘cybersecurity incident’
- British Library’s candid ransomware comms driven by ’emotional intelligence’
- First LockBit, now BreachForums: Are cops winning the war or just a few battles?
- LockBit dethroned as leading ransomware gang for first time post-takedown
While the company has notified all current employees, and will provide them two years of free credit monitoring and identity-theft protection, it hasn’t yet determined how much or what specific personal information was compromised.
“Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform,” the statement said, adding that after the review has been completed, it will contact employees directly to alert them about what, if any, personal details were stolen.
LockBit’s claims come about three months after law enforcement disrupted the gang’s infrastructure, and later unmasked the crew’s kingpin. And despite the London Drugs infection, there are indications that the UK National Crime Agency-led operation is putting a small dent in the criminals’ illicit endeavors.
According to research published on Wednesday by NCC Group, the gang didn’t register the most number of attacks across a single month for the first time since the February takedown. LockBit only posted 23 victim orgs (including one duplicate) in April, a 60 percent drop compared to its pre-bust numbers. ®
Write a comment
Your email address will not be published. Required fields are marked *