The Lockbit group has claimed responsibility for a cyber attack on the Canadian network of pharmacies London Drugs and is now threatening to release stolen data following unsuccessful negotiations.
On April 28, the cyber attack by Kiberataka forced London Drugs to close all its pharmacies in western Canada. Although the company stated that there was no evidence of customer or employee data leakage, the company’s website remains inaccessible despite the reopening of all the closed pharmacies.
On May 21, Lockbit added London Drugs to its website, announcing the April cyber attack and threatening to release data stolen from the company’s systems. Despite not providing evidence of actually stealing files from London Drugs servers, the cybercriminals claim that negotiations for a $25 million ransom have failed.
In a statement to BleepingComputer, London Drugs did not confirm Lockbit’s statement but acknowledged the extortionists’ claims about the theft of “corporate files, some of which may contain employee information”, although Lockbit only mentioned “stolen data”.
London Drugs emphasized that they cannot and will not pay the ransom, but acknowledged that the attackers may release stolen corporate files on the darknet.
“At this stage of the investigation, we cannot provide specific details about the nature or volume of potentially affected personal information of employees. Our investigation is ongoing, but due to the extensive system damage caused by the cyberattack, we anticipate that the process will take some time,” London Drugs reported.
As a precautionary measure, the company has proactively informed all current employees and provided 24 months of free credit monitoring and data protection services against personal data theft, regardless of whether a compromise of their data is ultimately found.
London Drugs, with over 9,000 employees providing pharmaceutical and medical services at more than 80 locations across Western Canada provinces such as Alberta, Saskatchewan, Manitoba, and British Columbia, continues to navigate the aftermath of the cyber attack.