Ransomware Attack on London Drugs by LockBit 3.0

Incident Date:

May 23, 2024

World map



Ransomware Attack on London Drugs by LockBit 3.0


London Drugs




Richmond, Canada

, Canada

First Reported

May 23, 2024

Ransomware Attack on London Drugs by LockBit 3.0

Victim Overview

London Drugs, a Canadian retail store chain, was targeted by the LockBit 3.0 ransomware group. The company offers a diverse range of products including pharmaceuticals, cosmetics, electronics, and housewares. With a revenue of $1.69 billion in 2024, London Drugs is a significant player in the retail sector. The company is known for being 100% Canadian owned, prioritizing local customer satisfaction, and providing an exceptional shopping experience through innovation and community involvement.

Attack Details

The ransomware attack on London Drugs involved the LockBit 3.0 group demanding a ransom. Despite the company's financial strength, the pharmaceutical sector of London Drugs was only willing to pay $8 million of the demanded ransom. The threat actors are now seeking an additional $17 million to prevent the release of stolen data within 48 hours. A sample of the compromised data has already been leaked, indicating the severity of the breach.

Ransomware Group Overview

The LockBit 3.0 ransomware group is an evolution of the LockBit group, known for its advanced and dangerous ransomware tactics. LockBit 3.0 operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to utilize their malware for attacks. The group is highly sophisticated, encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. LockBit 3.0 is designed to be evasive and difficult to analyze, making it a formidable threat in the cybersecurity landscape.

Company Vulnerabilities

London Drugs' prominence in the retail sector and its extensive customer base make it an attractive target for threat actors like LockBit 3.0. The company's wide range of products and services, including pharmaceuticals, electronics, and photo printing, may contain sensitive data that can be exploited by ransomware groups. Additionally, the company's substantial revenue and reputation could make it more likely to be targeted for large ransom demands.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.