London Drugs hackers seek millions in ransom on claims of stolen employee data
London Drugs has confirmed that the cybersecurity breach that forced it to close stores across Western Canada for more than a week was a ransomware attack.
In a statement, the company said there remained no indication that customer or “primary employee” data was accessed. But it confirmed that the attackers were able to steal files from its corporate head office, some of which may include employee information.
“London Drugs is unwilling and unable to pay ransom to these cybercriminals,” the company said.
“London Drugs is taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted.”
The attackers are seeking a ransom of $25 million and threatening to post the stolen data on the dark web, according to threat analyst Brett Callow, with New Zealand-based cybersecurity company Emsisoft.
Callow said notorious ransomware operation LockBit has claimed responsibility on its dark web extortion website.
LockBit has claimed London Drugs offered to pay $8 million but says it will release the stolen data if it isn’t paid the full amount within 48 hours, according to its post. London Drugs is not confirming any details about the ransom demands.
“LockBit has been one of the most prolific ransomware operations since 2019. They have launched successful attacks against thousands of organizations,” Callow said.
“They are known to have reaped more than $100 million in ransom demands.”
Callow said the U.K. National Crime Agency, working with international law enforcement, successfully disrupted LockBit in February.
That operation led to the arrest of two people in Poland and Ukraine and the seizure of 200 cryptocurrency
Read more on globalnews.ca
