What’s changed one year after the London Drugs cyberattack

It’s been exactly one calendar year since criminals hiding behind computer screens took down one of the most popular drugstores on the West Coast.

London Drugs was the victim of a sophisticated cyberattack that forced the temporary closure of its stores, broken trust from its customers, and a lot of people’s personal data was posted to the dark web.

One year later, Luke Connolly, a threat analyst with Emsisoft says, as of late April, that information is still out there and available to be downloaded and shared among hackers.

Adding in the months that have passed, the company has definitely learned its lesson.

“A lot of companies have some sort of cybersecurity position, and in a lot of cases it’s not given the full attention that it demands, and that may have been the case with London Drugs.”

Among the things he thinks the company has improved are employee training and internal policies and software.

It wasn’t made clear how the criminals gained access to London Drugs’ system, but Connolly explains it’s up to them what they share with the public.

“It’s their decision. It’s a difficult choice. As a threat analyst, I think it helps the industry; it helps the good guys to understand the specifics of attacks as much as possible. On the other hand, London Drugs is no doubt responding to their shareholders and stakeholders as much as possible. And to be honest, the general public is fairly low down on that list.”

After the hack was confirmed, it was soon revealed that criminals with LockBit were behind it all. Connolly says the cybercriminal group is operating around the world, including in Canada.

“The criminals behind these attacks try to build up a brand; they try to build up an image, and they do so for two reasons. They don’t attack the victims themselves; they have affiliates who are responsible for identifying the victims, breaching the victims, and initiating the ransomware discussions. The other benefit of building up a brand is they can use it to intimidate potential victims.”

London Drugs did, at one point, face a $25 million ransomware demand but refused to pay.

Connolly explains the data that’s available is of value to those looking to target people one-on-one or use it as a stepping stone to go after another company.

He says for you, the average consumer, there are things you can do to protect your digital footprint.

“You should make sure that you don’t reuse passwords across multiple systems. Use complex passwords. There is password manager software that manages passwords for you, if you wish. Ideally, use an enabled multi-factor authentication, which is a technology that when you log in to, say, Facebook, it’ll ask you to confirm on your phone before it will allow that computer to connect.”

Connolly stresses you should always keep an eye on any suspicious activity, including if you’re getting emails from websites you visit or your bank that may alert you to a login you didn’t do.

1130 NewsRadio reached out to London Drugs multiple times for comment but was denied.