London Drugs confirms employee information held for ransom

London Drugs confirmed that some of its employees’ information was compromised and held for ransom after a cybersecurity incident that closed stores in Western Canada weeks ago.

In a statement to CityNews on Tuesday, the company says it was the victim of an attack orchestrated by a “sophisticated group of global cybercriminals.”

According to BC cybersecurity threat analyst Brett Callow of Emsisoft, the criminals are asking for $25 million within 48 hours or else the group will release the stolen data.

“With endless revenue, greedy drug companies are only willing to pay $8 million, help someone help poor drug companies raise another $17 million,” reads an anonymous post Callow found on a dark website.

London Drugs has not confirmed the amount of the ransom, nor the nature or extent of employee personal information affected.

“Through our ongoing investigation, we are now aware that London Drugs has been identified by cybercriminals on the dark web as a victim of the exfiltration of files from its corporate headquarters, some of which may contain employee information,” the company said.

The retailer says it has no indication yet that patient or customer databases were compromised in the attack.

The company added that “our primary employee-specific databases also do not appear to be compromised.”

London Drugs says it is “neither willing nor able” to pay the ransom the group is demanding.

“We recognize that these criminals may leak corporate files stolen from London Drugs, some of which may contain employee information on the dark web. This is deeply concerning and London Drugs is taking all available measures to mitigate any impact of these criminal acts, including notifying all current employees whose personal information could potentially be affected,” the company said.

It says its review is underway and that the company has provided 24 months of free credit monitoring and identity theft protection services to all current employees, “regardless of whether or not any of their data is ultimately discovered to be compromised.”

Cybersecurity experts say more needs to be done to combat cybercrime

Professor Richard Frank, director of the International Cybercrime Research Center at Simon Fraser University, says a ransom is typically requested when your data has not been returned or there is a threat of disclosure to the public.

From his understanding, London Drugs being back up and running means the company will most likely get its data back, but it faces the threat of that data being disclosed.

“If London Drugs supposedly didn’t pay, then hackers could reveal the data,” Frank said.

The expert says the risk here depends on what the hackers specifically obtained.

“If it is employee data, then the employees or their private data will be on the Internet. They could be targeted by phishing attempts in the future, or maybe contain some sensitive medical data,” he said. “I doubt it, but it’s usually credit card details.”

Frank says that, as far as he knows, it is employee data that is being compromised in this case, not customer data.

He says organizations like these typically get hacked if someone falls for a phishing email.

“Typically, 90 percent of these attacks start with a phishing email that has an invoice, attachment or link,” he said. “Whoever clicks on it downloads malware from a malicious website.”

Frank says that once malware is downloaded to someone’s computer, hackers can access the data on their computers.

“My feeling is that it was London Drugs’ turn, they were not explicitly targeted, it was simply their turn to be compromised,” he said. “Probably someone within London Drugs clicked on it and was compromised.”

Dominic Vogel, another cybersecurity expert, says that LockBit, the cybercriminals behind the London Drugs attack, is a ransomware group based in Russia.

Vogel says ransomware groups look for weaknesses in the cybersecurity system and there are many ways they can attack.

“There are many different paths to an organization,” Vogel said. “Whether it’s a missing security patch, an insecure configuration, or someone clicking on a link they shouldn’t have, there are multiple ways they can get in.”

Vogel says there is a greater need for government regulation to eliminate ransomware.

“More pressure needs to be put at the federal and provincial levels,” he said. “So we can make sure cybersecurity has the proper regulations it needs.”

Vogel says investing in digital data protection is an expensive undertaking and the government should try to support small and medium-sized organizations to do so.

“Especially in retail, where margins are important, something like cybersecurity won’t necessarily be the highest priority,” he said. “It is very important that we, as citizens, put pressure on the different levels of government to do more to support.”

Vogel says we live in a different era where crimes happen digitally, so more needs to be done to protect digital stores.