LockBit demands $25 million from London Drugs, confirming breach was actually ransomware attack

Image credit: Shutterstock (Image credit: Shutterstock)

The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed.

In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand.

London Drugs suffered a cyberattack in late April 2024, and was forced to temporarily shut down its stores across Western Canada following what it described at the time as an “operational issue.”

LockBit strikes again

“Pharmacists are standing by to support with urgent pharmacy needs,” the company said at the time. “We advise customers to phone their local store's pharmacy to make arrangements.” Headquartered in Richmond, Canada, the company operates at least 78 stores across the country. 

A month later, the “operational issue” became an “attack orchestrated by a sophisticated group of global cybercriminals.”

This group was later confirmed to be LockBit, one of the world’s biggest ransomware players. Allegedly, it demanded $25 million in exchange for the decryption key, and for keeping the stolen data private. The group also said London Drugs was willing to pay $8 million for the problem to go away.

London Drugs, however, told The Register that it is "unwilling and unable to pay ransom to these cybercriminals."

LockBit apparently stole London Drugs’ corporate files, which include some employee information. Customers shouldn’t be impacted, the company said. The details on the type and amount of data is unknown, but London Drugs did give its employees two years’ worth of free identity theft protection and credit monitoring services

"As previously stated, we have no indication to date of any compromise of patient or customer databases; nor do our primary employee specific databases appear compromised. Should this change as the investigation continues, we will notify affected individuals in accordance with privacy laws," the statement concluded.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.