London Drugs cyber attackers are demanding the company pay a multi-million-dollar ransom within 48 hours, according to a post shared by the ransomware group.
Prolific ransomware syndicate LockBit posted a statement on the dark web claiming it cyberattacked London Drugs and is demanding $25 million from the company.
It claimed that London Drugs offered to pay $8 million.
“With endless revenue, greedy pharma is only willing to pay 8 million, help someone help the poor pharma raise another 17 million dollars and the stolen data will not be released after 48 hours,” the statement posted around 12:00 pm PT reads.
#LockBit has listed London Drugs. #ransomware #londondrugs pic.twitter.com/7pHK7kESBb
— Brett Callow (@BrettCallow) May 21, 2024
London Drugs did not confirm details regarding the ransom amount but said it is “unwilling and unable to pay ransom to these cybercriminals.”
The company described the attack as “orchestrated by a sophisticated group of global cybercriminals.” It added that, through its ongoing investigation, “we are now aware that London Drugs has been identified by cybercriminals on the Dark Web as a victim of exfiltration of files from its corporate head office, some of which may contain employee information.”
Three weeks ago, the Canadian retail pharmacy chain announced it was closing stores across Western Canada “until further notice” due to an “operational issue.” Later, the company said it was the victim of a cybersecurity incident and immediately closed stores out of an abundance of caution.
London Drugs further explained that it also took countermeasures to secure its network and data “from further malicious acts.” It is working with third-party cybersecurity experts to help. Law enforcement is also involved.
In a statement over the weekend, London Drugs said that while primary employee-specific databases do not appear to be compromised, an ongoing forensic investigation found evidence that indicates certain corporate files may have been compromised, “some of which contain employee personal information.”
“We acknowledge these criminals may leak stolen London Drugs corporate files, some of which may contain employee information on the Dark Web. This is deeply distressing, and London Drugs is taking all available steps to mitigate any impacts from these criminal acts, including notifying all current employees whose personal information could be potentially impacted as described below,” London Drugs added Tuesday.
The company has added that there is no indication that patient or customer databases have been compromised so far.
London Drugs has been gradually re-opening its core services in some stores.