LockBit demands $25 million from London Drugs, confirming breach was actually a ransomware attack
The recent cyber incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack in which the attackers stole sensitive data and demanded a large ransom, the company has confirmed.
In a statement issued to The Register, the company said it had been affected, but emphasized that it also had no intention of paying the ransom.
London Drugs suffered a cyberattack in late April 2024 and was forced to temporarily close its stores in Western Canada after what it described at the time as an “operational issue.”
LockBit strikes again
“Pharmacists are ready to assist with urgent pharmacy needs,” the company said at the time. “We advise customers to call their local store pharmacy to make appointments.” The company is headquartered in Richmond, Canada and has at least 78 stores across the country.
A month later, the “operational issue” became an “attack orchestrated by a sophisticated group of global cybercriminals.”
This group was later confirmed to be LockBit, one of the world’s largest ransomware players. It reportedly demanded $25 million in exchange for the decryption key and for keeping the stolen data private. The group also said London Drugs was willing to pay $8 million to make the problem go away.
However, London Drugs told The Register that it is “unwilling and unable to pay ransoms to these cybercriminals.”
LockBit apparently stole London Drugs’ corporate files, which contained employee information. Customers should not experience any inconvenience, the company said. The details about the type and amount of data are unknown, but London Drugs did give its employees two years of free identity theft protection and credit monitoring services.
“As previously stated, we have no indications to date of any breach of any patient or customer databases; nor do our primary employee-specific databases appear to have been compromised. Should this change as the investigation continues, we will notify the individuals involved in accordance with privacy laws,” the statement ended.