Connect with us

Horoscope

Ransomware group says it will release stolen London Drugs data

Published

on

Threat analyst Brett Callow said his cybersecurity company was aware of the demand “almost immediately” due to trackers on the dark net

Article content

A ransomware gang is threatening to release confidential data it claims to have stolen from London Drugs if it isn’t paid $25 million by Thursday.

The retailer and pharmacy chain closed all of its 79 stores in Western Canada after a cybersecurity breach was discovered on April 28.

Stores weren’t fully reopened until May 7.

On Tuesday, London Drugs confirmed to the Times Colonist that the cyberattack was orchestrated by a “sophisticated group of global cybercriminals” that took electronic files from its corporate head office.

Advertisement 2

Article content

While the company did not name the group responsible for the attack, ransomware syndicate LockBit on Tuesday posted a notice on a dark-web site where stolen information is posted threatening to release the data it had stolen unless it was paid $25 million in the next 48 hours.

Shawnigan Lake-based threat analyst Brett Callow said his cybersecurity company, Emsisoft, was aware of the listing “pretty much straightaway” due to trackers the company has on the dark net.

LockBit claimed that London Drugs had offered to pay an $8 million ransom, without providing any evidence.

The group also did not provide any details about the data it claims to have stolen.

In response to questions from the Times Colonist, London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”

The company reiterated that it believes no customer, patient or “primary employee” databases were compromised.

“Should this change as the investigation continues, we will notify affected individuals in accordance with privacy laws,” it said, adding that a review of the cyber incident is still continuing.

Article content

Advertisement 3

Article content

London Drugs is taking “all available steps” to mitigate impacts from the ransom attack, including notifying all of its current employees of the potential effects, the statement said.

It is providing 24 months of free credit monitoring and identity-theft protection services, the statement said.

The company did not make anyone available for an interview Tuesday.

Callow said there’s no reason to believe there’s any connection between any of the recent cyberattacks that hit B.C.-based organizations, such as the B.C. Libraries Cooperative and the three cybersecurity attacks on the provincial government since April 10.

“The government and London Drugs will undoubtedly have been in contact, but there are thousands of these incidents every year.”

LockBit alone had several dozen ransomware threats on its site on Tuesday. The group is among the most prolific ransomware syndicates in the world, accounting for 23 per cent of nearly 4,000 attacks globally last year, according to cybersecurity firm Palo Alto Networks.

There is a “very real risk” that LockBit will carry out its threat and release the data if the ransom isn’t paid, Callow said.

Advertisement 4

Article content

It’s impossible to know exactly what information the group has obtained from London Drugs, he said.

“I’ve seen numerous past cases where organizations have had to walk back their initial statements … they had to admit that it had been compromised when the ransomware group released the data.”

In February, law-enforcement agencies led by Britain’s National Crime Agency arrested two people in Poland and Ukraine and seized 200 cryptocurrency accounts in an international operation targeting LockBit.

At the time, U.S. Attorney General Merrick Garland said the agencies obtained decryption keys that could help victims decrypt their captured systems and regain access to their data during that bust.

One dual Russian-Canadian national, Mikhail Vasiliev, is in custody in Canada in connection with LockBit and is awaiting extradition to the United States.

Authorities have said that there’s no evidence that LockBit, which is dominated by Russian-speakers and does not attack former Soviet nations, is a state-backed group.

London Drugs has about 8,000 employees, according to its website.

Read more stories from the Times Colonist here.

Recommended from Editorial

Article content

Continue Reading