Selasa, 21 Mei 2024

Ransomware group says it will release stolen London Drugs data if it doesn't get $25M in 48 hours - Vancouver Sun

Shawnigan Lake-based threat analyst Brett Callow said his cybersecurity company was aware of the demand “almost immediately” due to trackers on the dark net

Article content

A ransomware gang is threatening to release confidential data it claims to have stolen from London Drugs if it isn’t paid $25 million by Thursday.

The retailer and pharmacy chain closed all of its 79 stores in Western Canada after a cybersecurity breach was discovered on April 28.

Article content

Stores, including ones on Vancouver Island, weren’t fully reopened until May 7.

Advertisement 2

Article content

On Tuesday, London Drugs confirmed to the Times Colonist that the cyberattack was orchestrated by a “sophisticated group of global cybercriminals” that took electronic files from its corporate head office.

While the company did not name the group responsible for the attack, ransomware syndicate LockBit on Tuesday posted a notice on a dark-web site where stolen information is posted threatening to release the data it had stolen unless it was paid $25 million in the next 48 hours.

Shawnigan Lake-based threat analyst Brett Callow said his cybersecurity company, Emsisoft, was aware of the listing “pretty much straightaway” due to trackers the company has on the dark net.

LockBit claimed that London Drugs had offered to pay an $8 million ransom, without providing any evidence.

The group also did not provide any details about the data it claims to have stolen.

In response to questions from the Times Colonist, London Drugs said it is “unwilling and unable to pay ransom to these cybercriminals.”

The company reiterated that it believes no customer, patient or “primary employee” databases were compromised.

Article content

Advertisement 3

Article content

“Should this change as the investigation continues, we will notify affected individuals in accordance with privacy laws,” it said, adding that a review of the cyber incident is still ongoing.

London Drugs is taking “all available steps” to mitigate impacts from the ransom attack, including notifying all of its current employees of the potential effects, the statement said.

It is providing 24 months of free credit monitoring and identity-theft protection services, the statement said.

The company did not make anyone available for an interview Tuesday.

Callow said there’s no reason to believe there’s any connection between any of the recent cyberattacks that hit B.C.-based organizations, such as the B.C. Libraries Cooperative and the three cybersecurity attacks on the provincial government since April 10. “The government and London Drugs will undoubtedly have been in contact, but there are thousands of these incidents every year.”

LockBit alone had several dozen ransomware threats on its site on Tuesday. The group is among the most prolific ransomware syndicates in the world, accounting for 23 per cent of nearly 4,000 attacks globally last year, according to cybersecurity firm Palo Alto Networks.

Advertisement 4

Article content

There is a “very real risk” that LockBit will carry out its threat and release the data if the ransom isn’t paid, Callow said.

It’s impossible to know exactly what information the group has obtained from London Drugs, he said. “I’ve seen numerous past cases where organizations have had to walk back their initial statements … they had to admit that it had been compromised when the ransomware group released the data.”

In February, law-enforcement agencies led by Britain’s National Crime Agency arrested two people in Poland and Ukraine and seized 200 cryptocurrency accounts in an international operation targeting LockBit.

At the time, U.S. Attorney General Merrick Garland said the agencies obtained decryption keys that could help victims decrypt their captured systems and regain access to their data during that bust.

Members of the syndicate using the LockBit ransomware variant first appeared around January 2020 and have received more than $120 million in ransom payments.

One dual Russian-Canadian national, Mikhail Vasiliev, is currently in custody in Canada in connection with LockBit and is awaiting extradition to the United States.

Advertisement 5

Article content

Authorities have said that there’s no evidence that LockBit, which is dominated by Russian-speakers and does not attack former Soviet nations, is a state-backed group.

London Drugs has more than 8,000 employees, according to its website.

Recommended from Editorial

  1. The open sign at London Drugs Broadway and Vine location has been turned off in Vancouver on Monday, April. 29, 2024. The president of London Drugs says he doesn't know why the company was subject to a cyber attack that forced it to close its stores, but hackers with sophisticated methods are

    London Drugs president doesn’t know why cyber attackers struck

  2. People wait outside of the London Drugs Kerrisdale location on Monday, April. 29, 2024. The president of London Drugs has issued a letter apologizing for a cybersecurity incident that forced the company to close its stores for a week, but he says there's no evidence to suggest customer databases were compromised in the breach.

    London Drugs president says sorry for cyber breach, no evidence customer data taken


Bookmark our website and support our journalism: Don’t miss the news you need to know — add VancouverSun.com and TheProvince.com to your bookmarks and sign up for our newsletters here.

You can also support our journalism by becoming a digital subscriber: For just $14 a month, you can get unlimited access to The Vancouver Sun, The Province, National Post and 13 other Canadian news sites. Support us by subscribing today: The Vancouver Sun | The Province.

Article content

Comments

Join the Conversation

This Week in Flyers

Adblock test (Why?)


https://news.google.com/rss/articles/CBMif2h0dHBzOi8vdmFuY291dmVyc3VuLmNvbS9uZXdzL2xvY2FsLW5ld3MvcmFuc29td2FyZS1ncm91cC1zYXlzLXdpbGwtcmVsZWFzZS1zdG9sZW4tbG9uZG9uLWRydWdzLWRhdGEtZG9lc250LWdldC0yNW0taW4tNDgtaG91cnPSAQA?oc=5

2024-05-21 23:46:07Z
CBMif2h0dHBzOi8vdmFuY291dmVyc3VuLmNvbS9uZXdzL2xvY2FsLW5ld3MvcmFuc29td2FyZS1ncm91cC1zYXlzLXdpbGwtcmVsZWFzZS1zdG9sZW4tbG9uZG9uLWRydWdzLWRhdGEtZG9lc250LWdldC0yNW0taW4tNDgtaG91cnPSAQA

Tidak ada komentar:

Posting Komentar