ALondon Drugs, a major Canadian pharmacy chain, recently fell victim to a Lockbit ransomware attack that stole some corporate files containing employee information.
Details of London Drugs Ransomware Attack
In a statement, the company confirmed the April 28th cybersecurity breach, describing it as:
“An attack orchestrated by sophisticated cybercriminals.”
The intrusion forced London Drugs to close all 79 of its stores across four western Canadian provinces from April 28th until May 7th for investigation and recovery efforts.
However, pharmacy employees continued filling important prescriptions by assisting people outside of the closed locations during this time.
Unfortunately, the stolen files are now being held hostage by the Lockbit ransomware group who carried out the ransomware attack. London Drugs said it is “unwilling and unable” to pay any ransom demanded by these cybercriminals to regain control of the information.
In its initial statement, London Drugs noted they have found no evidence thus far of compromised patient, customer or primary employee databases as a result of the London Drugs Ransomware Attack.
They pledged to notify affected individuals if the ongoing investigation uncovers any changes to this assessment in accordance with privacy laws.
LockBit Ransomware Group Takes Credit for the London Drugs Hack
The LockBit ransomware group took credit for the intrusion on Tuesday. They alleged London Drugs was originally willing to pay $8 million, but have since increased their demand to $25 million by Thursday while threatening data leaks if unpaid.
The questions about specifics of the alleged $8 million offer are still nnot answered However, their statement reaffirmed the company will not pay ransom. London Drugs declared they are “unwilling and unable to pay ransom to these cybercriminals.”
As the investigation into the attack continues, full clarity on the negotiation and precise data breach details remain uncertain. The company acknowledged it is aware some corporate files containing employee information were exfiltrated and may be published online by the cybercriminals.
Although London Drugs has notified all current employees of the potential compromise, they have yet to determine the full scope of personal information stolen.
As a precaution, they are providing all employees with two years of free credit monitoring and identity theft protection services. While the notification process is underway, the full audit to understand how much and what specific data was taken is still ongoing.
London Drugs stated their review into the full scope of the incident is still underway due to the extensive damage to systems caused by the cyberattack.
The company expects the audit process will take some time to complete. After the review, London Drugs will directly contact employees to notify them of any personal details that were potentially stolen.
LockBit taking credit for the attack comes around three months after law enforcement disrupted the ransomware group’s infrastructure and unmasked their leader.
Despite the London Drugs Ransomware Attack, there are signs the coordinated NCA operation has begun slowing the criminals’ activities.
Research published by NCC Group on Wednesday found this may be the first month where LockBit did not have the highest number of attacks since the February takedown.
Only 23 victim organizations fell to LockBit ransomware group in April, a 60% drop from pre-disruption levels, including one duplicate entry. This indicates law enforcement efforts are placing some limitations on the ransomware gang’s illicit operations.
