Pay up, or else.That’s the word from a shadowy Russian ransomeware group that is threatening to release confidential information if retailer London Drugs doesn’t fork over USD$25 million by Thursday.It comes after the popular chain was forced to close all of its 79 stores in Western Canada after a cybersecurity breach on April 28. The stores weren’t fully reopened until May 7 although its website is still down.London Drugs has more than 9,000 employees in Alberta, Saskatchewan, Manitoba and BC..On Tuesday, the chain confirmed a “sophisticated group of global cybercriminals” stole electronic files from its corporate headquarters office in Richmond, BC but denied any confidential customer or employee information — especially relating to prescriptions — had been compromised.But the so-called LockBit group, a shadowy gang of cybercriminals responsible for similar breaches in Europe, threatened to release all the data following what it said were failed negotiations to secure the demanded funds without providing proof of the stolen information.Instead, a post on the LockBit website suggested London Drugs had offered to pay $8 million instead and chided “the poor… greedy Pharma” company for not being able to raise the additional $17 million."At this stage in our investigation, we are not able to provide specifics on the nature or extent of employee personal information potentially impacted. Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform," London Drugs said in a statement.“Out of an abundance of caution, we have proactively notified all current employees and provided 24 months of complimentary credit monitoring and identity theft protection services, regardless of whether any of their data is ultimately found to be compromised or not.".Earlier this year LockBit was swept up in an international law enforcement crackdown that briefly shut down its servers but it has since managed to put itself back into business. the investigation determined that the group was run by a Russian national named Dmitry Yuryevich Khoroshev based in the city of Voronezh.A $10 million reward has been offered by the UK governments for information leading to his arrest.LockBit has claimed attacks against many high-profile organizations, including Boeing, the Italian Internal Revenue Service, Bank of America and the UK Royal Mail.On May 21, it gave Italy’s University of Siena a similar demand to pay an unspecified sum by May 28 or it would release more than 500 gigabytes of data stolen from the institution’s servers including financial and non-disclosure agreements for project tenders.The US Department of Justice and the UK National Crime Agency estimate that LockBit has extorted between $500 million and $1 billion after 7,000 attacks targeting organizations worldwide between June 2022 and February 2024.
Pay up, or else.That’s the word from a shadowy Russian ransomeware group that is threatening to release confidential information if retailer London Drugs doesn’t fork over USD$25 million by Thursday.It comes after the popular chain was forced to close all of its 79 stores in Western Canada after a cybersecurity breach on April 28. The stores weren’t fully reopened until May 7 although its website is still down.London Drugs has more than 9,000 employees in Alberta, Saskatchewan, Manitoba and BC..On Tuesday, the chain confirmed a “sophisticated group of global cybercriminals” stole electronic files from its corporate headquarters office in Richmond, BC but denied any confidential customer or employee information — especially relating to prescriptions — had been compromised.But the so-called LockBit group, a shadowy gang of cybercriminals responsible for similar breaches in Europe, threatened to release all the data following what it said were failed negotiations to secure the demanded funds without providing proof of the stolen information.Instead, a post on the LockBit website suggested London Drugs had offered to pay $8 million instead and chided “the poor… greedy Pharma” company for not being able to raise the additional $17 million."At this stage in our investigation, we are not able to provide specifics on the nature or extent of employee personal information potentially impacted. Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform," London Drugs said in a statement.“Out of an abundance of caution, we have proactively notified all current employees and provided 24 months of complimentary credit monitoring and identity theft protection services, regardless of whether any of their data is ultimately found to be compromised or not.".Earlier this year LockBit was swept up in an international law enforcement crackdown that briefly shut down its servers but it has since managed to put itself back into business. the investigation determined that the group was run by a Russian national named Dmitry Yuryevich Khoroshev based in the city of Voronezh.A $10 million reward has been offered by the UK governments for information leading to his arrest.LockBit has claimed attacks against many high-profile organizations, including Boeing, the Italian Internal Revenue Service, Bank of America and the UK Royal Mail.On May 21, it gave Italy’s University of Siena a similar demand to pay an unspecified sum by May 28 or it would release more than 500 gigabytes of data stolen from the institution’s servers including financial and non-disclosure agreements for project tenders.The US Department of Justice and the UK National Crime Agency estimate that LockBit has extorted between $500 million and $1 billion after 7,000 attacks targeting organizations worldwide between June 2022 and February 2024.
