British Columbia: Last month’s cyberattack on London Drugs, a pharmacy and retail chain, led to the temporary closure of all its stores in Western Canada. The attack was carried out by a “sophisticated group of global cybercriminals” demanding a ransom and threatening to leak the company’s data if the ransom is not paid. Although London Drugs reported that so far, patient, customer, and “primary employee” databases do not appear to be compromised, the investigation is still ongoing.
In its statement, London Drugs did not disclose the name of the criminal group, but Brett Callow, a threat analyst at cybersecurity firm Emsisoft, identified the attackers as LockBit, a notorious ransomware group. LockBit has threatened to release data allegedly stolen from London Drugs within 48 hours unless a $25 million ransom is paid, claiming the company has offered $8 million.
Callow commended London Drugs for refusing to pay the ransom, stating it was “absolutely the right decision.” He explained that paying the ransom does not guarantee the deletion of the data, as law enforcement has found LockBit servers with data from multiple companies that paid for its erasure.
In 2023, cybercriminals collected $1.1 billion in ransom payments, with the majority coming from companies in the U.S. and Canada, according to crypto-tracing firm Chainlysis.