Cyberattack against London Drugs claimed by LockBit ransomware group

BleepingComputer reports that Canadian pharmacy and retail chain London Drugs was admitted to have been breached by the LockBit ransomware group in an attack last month that resulted in the temporary closure of all its stores across Western Canada.

LockBit, which continues to be active after switching to new domains and servers following a recent international law enforcement crackdown, has threatened the exposure of all data allegedly exfiltrated from London Drugs' servers following failed negotiations for a $25 million ransom but did not provide any proof of the stolen information.

After initially reporting that no customer or employee data had been impacted by the intrusion, London Drugs acknowledged that corporate head office files — some of which may have included employee details — were compromised, while emphasizing its refusal to pay the ransomware group's demands.

"At this stage in our investigation, we are not able to provide specifics on the nature or extent of employee personal information potentially impacted. Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform," said London Drugs.