As deadline looms, company says it is unable to pay $25 million ransom.
Published May 22, 2024 • Last updated May 23, 2024 • 3 minute read
As London Drugs faces a $25-million ransom demand from a “group of global cybercriminals,” an Internet security expert says he would have been surprised if no demand was made.
“It’s the obvious next step. I was wondering because we hadn’t heard anything so far,” said Apurva Narayan, a professor in the computer science department at the University of B.C.
He said the ransom demand is likely one of two ways the group hopes to profit from the cyberattack on London Drugs, which forced the company to shutter all of its 79 stores in Western Canada for about a week in early May. The hackers were probably seeking personal information on customers as well.
Narayan said individuals are “very likely” to be impacted by the security breach, depending on what kind of information the hackers were able to obtain.
“They might not see the effects immediately, but in six months, they might notice spam calls or fraudulent activity on credit cards,” he said.
In a statement issued Tuesday when news of the ransom became public, London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”
The company said it believes no customer, patient or “primary employee” databases were compromised.
While London Drugs did not name the group responsible for the attack, the Victoria Times Colonist reported that ransomware syndicate LockBit posted a notice on a dark-web site on Tuesday threatening to release stolen data unless it was paid $25 million by Thursday.
The group did not provide details about the data it claimed to have stolen, said the Times Colonist.
Narayan said cybercriminals will usually “release a glimpse” of the data as proof.
“The data could be released even if you pay them,” he said. “It is all in the hands of these people.”
Nick Nouri, president of North Vancouver-based cybersecurity company Compunet Infotech, said some companies decide to pay a ransom, but each case is different. It often comes down to who the hackers are — if they are known to “stand behind their words” and not release information when paid — and what kind, or how much, information they hold.
“Generally, we don’t want to deal with (hackers) or pay them. But in some cases, there may be more problems if you don’t,” he said.
If a company can negotiate the ransom down to a couple million dollars, it might feel that is the best response, he said.
Narayan said it is typically better for companies to move forward after an attack.
“You can’t change the past, but you need to be proactive about the future,” he said.
In its statement, London Drugs said it is trying to mitigate the impacts of the attack, including notifying its current employees of potential effects. It is also providing 24 months of free credit monitoring and identity-theft protection services to them, “regardless of whether any of their data is ultimately found to be compromised or not.”
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information on the dark web. This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts.”
In a statement, the Canadian Centre for Cyber Security said ransomware is “almost certainly the most disruptive form of cybercrime” and a persistent threat to Canadian organizations. Incidents can be costly and disrupt critical services, as well as the movement of goods.
The level of malicious cyber activity in Canada is “significantly under-reported,” said the statement.
Nouri said for many companies it’s a matter of when, not if, they will become a target. While the London Drugs attack has been well publicized, attacks on other businesses, including law firms and accounting companies, happen frequently, with little public notice.
He said employee education is key.
“You can have the best security software behind you,” he said, “and then someone clicks on a link.”