Achi news desk-
Last month’s cyber attack on pharmacy and retail chain London Drugs that forced the closure of all its stores in Western Canada was orchestrated by a “sophisticated group of global cybercriminals” who are demanding a ransom – and say they will leak the data of the company if it does so. not paying up.
In a statement to CTV News Tuesday, London Drugs said it has learned it has “been identified by cybercriminals on the dark web” as a victim of the theft of files from its corporate headquarters, and that some of those files may contain information about employees.
The company said so far it does not appear that patient, customer or “key employee” databases have actually been compromised, but the investigation into the cyber attack is ongoing.
In its statement, London Drugs did not name the criminal group behind the attack, but Brett Callow, a threat analyst at cyber security firm Emsisoft identified LockBit, a prolific ransomware operation.
Callow told CTV News that Emsisoft’s trackers found out about the ransom “fairly quickly” by pulling data from the dark web.
In a photo shared with CTV News, LockBit says it will release data it claims it stole from London Drugs in 48 hours if it doesn’t pay $25 million. The post also claims that London Drugs offered to pay $8 million.
London Drugs said it was “unwilling and unable to pay ransom to these cybercriminals.”
“We recognize that these criminals may release stolen London Drugs corporate files, some of which may contain information about employees on the Dark Web. This is deeply distressing, and London Drugs is taking every step available to mitigate any effects of these criminal acts,” the statement continued.
London Drugs says it has notified all current employees of the potential breach and offered 24 months of free credit monitoring and identity theft services, whether or not any of their data was ultimately stolen. over there
Callow said London Drugs had made “absolutely the right decision” by refusing to pay the ransom.
There is no guarantee that LockBit would delete the data if London Drugs goes bust, he explained, adding that law enforcement has previously found LockBit’s servers containing data from multiple companies it paid for. remove
“They are unfaithful, unreliable actors,” he said.
LockBit, through affiliates that use its ransomware tools, has extorted $120 million from thousands of victims since 2019, which include aircraft manufacturer Boeing, Britain’s National Health Service and China’s largest bank, according to The Associated Press.
His ransom demands range from tens of thousands of dollars to tens of millions, Callow said.
He added that all London Drugs can do now is support employees whose information may have been compromised and hope law enforcement agencies take down LockBit.
Overall, cybercriminals collected $1.1 billion in ransom in 2023, according to crypto tracking firm Chainalysis. “Most of that would have been paid by companies in the United States and Canada,” Callow said.
“Victims often claim that the attacks are sophisticated, but most ransomware attacks succeed due to fairly basic security failures, so there are things organizations can do absolutely to reduce the likelihood of becoming the next victim,” he said.
London Drugs said it would not be giving any interviews on Tuesday.
