The recent cyber incident against Canadian pharmacy chain London Drugs was in fact a full-blown ransomware attack, in which sensitive data was stolen and a significant ransom was demanded, the company confirmed.
In a statement given to RegisterThe company said it had been affected, but emphasized that it also had no intention of paying the ransom demand.
London Drugs suffered a cyberattack in late April 2024 and was forced to temporarily close its stores across Western Canada following what it described at the time as an “operational issue.”
LockBit strikes again
“Pharmacists are ready to assist with urgent pharmaceutical needs,” the company said at the time. “We advise customers to call their local store pharmacy to make arrangements.” Headquartered in Richmond, Canada, the company operates at least 78 stores across the country.
A month later, the “operational issue” became an “attack orchestrated by a sophisticated group of global cybercriminals.”
This group was later confirmed to be LockBit, one of the largest ransomware actors in the world. He allegedly demanded $25 million in exchange for the decryption key and to keep the stolen data private. The group also said London Drugs was willing to pay $8 million to make the problem go away.
London Drugs, however, said Register that “he is neither willing nor able to pay a ransom to these cybercriminals.”
LockBit apparently stole London Drugs' corporate files, which include employee information. Customers should not be affected, the company said. Details about the type and amount of data are unknown, but London Drugs provided its employees with two years of free identity theft protection and credit monitoring services.
“As noted above, to date we have no indication of any compromise of patient or customer databases; nor do our primary employee-specific databases appear to be compromised. If this changes as the investigation continues, we will notify the affected persons in accordance with privacy laws.” concluded the statement.
