Retailer London Drugs says it is “unwilling and unable” to pay a multimillion-dollar ransom to cybercriminals who claim to have stolen data in a hacking attack that recently shut down its stores for more than a week.
The company says in a statement that the criminals could leak stolen corporate files containing employee information on the dark web, calling the situation “deeply distressing.”
It says it notified all employees and is providing them with two years of credit monitoring and identity theft protection services.
The retailer was responding to an image posted on the social media platform X, connecting the London Drugs attack to a ransomware group called Lockbit.
The image suggested a ransom of $25-million had been demanded from London Drugs with a deadline set for Thursday, adding that the retailer was so far “only willing to pay 8 million.”
London Drugs’ statement says it’s unable to “provide specifics on the nature or extent of employee personal information potentially impacted.”
“Through our ongoing investigation, we are now aware that London Drugs has been identified by cybercriminals on the Dark Web as a victim of exfiltration of files from its corporate head office, some of which may contain employee information,” it says.
London Drugs closed all 79 of its stores in B.C., Alberta, Saskatchewan, and Manitoba on April 28, when it became aware of the cyberattack.
They did not all reopen until May 7.
It was part of a series of hacking incidents that included what the B.C. government called a “sophisticated” attempt by criminals to breach its own information systems, and the hacking of B.C.’s library systems by extortionists who sought a ransom to not release the data.