As we speak, the LockBit ransomware gang claimed they had been behind the April cyberattack on Canadian pharmacy chain London Medication and is now threatening to publish stolen information on-line after allegedly failed negotiations.
London Medication has over 9,000 staff who present healthcare and pharmacy providers in over 80 shops throughout Alberta, Saskatchewan, Manitoba, and British Columbia.
An April 28 cyberattack compelled London Medication to shut all its retail shops throughout Western Canada. The corporate mentioned it discovered no proof that buyer or worker information was impacted.
“Should our investigation indicate any personal information has been compromised, we would notify those impacted and applicable privacy commissioners in accordance with applicable privacy laws,” the pharmacy chain mentioned on the time.
On Could 9, London Medication’ President and Chief Working Officer (COO) Clint Mahlman confirmed once more that third-party cybersecurity consultants employed to conduct a forensic investigation discovered no proof that “customer databases, including our health data and LDExtras data,” had been compromised.
Whereas London Medication has since re-opened all shutdown shops, the corporate’s web site continues to be down and displaying an error stating, “The server encountered an internal error that prevented it from fulfilling this request.”
Earlier as we speak, the LockBit ransomware operation added London Medication to its extortion portal, claiming the April cyberattack and threatening to publish information allegedly stolen from the corporate’s methods.
The ransomware gang has but to supply proof that they stole any information from London Medication servers, claiming solely that negotiations with London Medication to pay a $25 million ransom have failed.
Whereas it did not verify LockBit’s claims, a London Medication assertion shared with BleepingComputer says the corporate is conscious the ransomware gang mentioned they stole “files from its corporate head office, some of which may contain employee information”—as seen within the screenshot above LockBit solely talked about “stolen data.”
London Medication added that they won’t and can’t pay the ransom requested by LockBit, however acknowledged that the gang “may leak stolen London Drugs corporate files, some of which may contain employee information on the Dark Web.”
“At this stage in our investigation, we are not able to provide specifics on the nature or extent of employee personal information potentially impacted. Our review is underway, but due to and the extent of system damage caused by this cyber incident, we expect this review will take some time to perform,” London Medication mentioned.
“Out of an abundance of caution, we have proactively notified all current employees and provided 24 months of complimentary credit monitoring and identity theft protection services, regardless of whether any of their data is ultimately found to be compromised or not.”
LockBit ransomware’s rise and fall
This ransomware-as-a-service (RaaS) operation surfaced in September 2019 as ABCD after which rebranded as LockBit.
Since its emergence, LockBit has claimed assaults in opposition to many authorities and high-profile organizations worldwide, together with Boeing, the Continental automotive large, the Italian Inside Income Service, Financial institution of America, and the UK Royal Mail.
Regulation enforcement took down LockBit’s infrastructure in February 2024 in an motion often called Operation Cronos, seizing 34 servers containing over 2,500 decryption keys that helped create a free LockBit 3.0 Black Ransomware decryptor.
Based mostly on the seized information, the U.S. DOJ and the U.Ok.’s Nationwide Crime Company estimate that LockBit has extorted between $500 million and $1 billion after 7,000 assaults concentrating on organizations worldwide between June 2022 and February 2024.
​Nevertheless, LockBit continues to be lively and has moved to new servers and darkish internet domains. It retains concentrating on victims world wide and releasing huge quantities of outdated and new information in retaliation to the latest infrastructure takedown by U.S. and U.Ok. authorities.
LockBit’s claims that it was behind the London Medication cyberattacks come after one other worldwide regulation enforcement operation doxxed and sanctioned the ransomware gang’s chief as a 31-year-old Russian nationwide named Dmitry Yuryevich Khoroshev, utilizing the “LockBitSupp” on-line alias.
The U.S. State Division now presents a $10 million reward for info resulting in LockBit management arrest or conviction and an extra $5 million for any suggestions that would result in the apprehension of LockBit ransomware associates.
Earlier expenses and arrests of Lockbit ransomware actors embrace Mikhail Vasiliev (November 2022), Ruslan Magomedovich Astamirov (June 2023), Mikhail Pavlovich Matveev aka Wazawaka (Could 2023), Artur Sungatov and Ivan Gennadievich Kondratiev aka Bassterlord (February 2024).
