LockBit demands $25 million from London Drugs, confirming breach was actually ransomware attack

But London Drugs isn’t paying up

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blownransomwareattack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed.

In a statement given toThe Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand.

London Drugs suffered a cyberattack in late April 2024, and wasforced to temporarily shut down its storesacross Western Canada following what it described at the time as an “operational issue.”

LockBit strikes again

“Pharmacists are standing by to support with urgent pharmacy needs,” the company said at the time. “We advise customers to phone their local store’s pharmacy to make arrangements.” Headquartered in Richmond, Canada, the company operates at least 78 stores across the country.

A month later, the “operational issue” became an “attack orchestrated by a sophisticated group of global cybercriminals.”

This group was later confirmed to be LockBit, one of the world’s biggest ransomware players. Allegedly, it demanded $25 million in exchange for the decryption key, and for keeping the stolen data private. The group also said London Drugs was willing to pay $8 million for the problem to go away.

London Drugs, however, toldThe Registerthat it is “unwilling and unable to pay ransom to these cybercriminals.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

LockBit apparently stole London Drugs’ corporate files, which include some employee information. Customers shouldn’t be impacted, the company said. The details on the type and amount of data is unknown, but London Drugs did give its employees two years’ worth of freeidentity theft protectionandcredit monitoring services.

“As previously stated, we have no indication to date of any compromise of patient or customer databases; nor do our primary employee specific databases appear compromised. Should this change as the investigation continues, we will notify affected individuals in accordance with privacy laws,” the statement concluded.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Australian Beach Volleyball Tour live stream: How to watch bronze and gold medal matches online for free, finals, start time