London Drugs Day 5: stores still closed but London Drugs restores their phones and pharmacy services.
London Drugs Day 5 update
The intrepid IT teams at London Drugs have restored the phones, the pharmacy services, and the Canada Post and insurance outlets at the stores. While the update banner at the top of their web site is still teeny tiny, it now includes a link to a bigger info box. The info box contains the customer care number and links to the media page for updates. London Drugs updates their social media daily on the situation.
Currently London Drugs reports there is no indication so far that hackers grabbed personal information such as healthcare/pharmacy information or LD Extras data. London Drugs IT and their cybersecurity experts are still scanning millions of lines of code, though.
Why can’t they just restore from backups?
In one of the social media comments I saw, someone asked why London Drugs can't just restore from backup. Until the IT teams know how the infection/hack got in, restoring from backup could simply restore the hackers' access. Or you could restore machines to a point where they are still vulnerable to the same infection/ransomware, and be hit again.
Why is it taking so long?
Picture your local London Drugs store. At the front you have at least two or three cashiers using computerized cash registers. Then you have at least 6 computerized self-serve checkouts. The pharmacy will have at least 2 computers. The back office probably has at least two computers and a network printer. If there's a post office outlet, there are another two computers. Ditto for the insurance outlet. Given the breathtaking increase in shoplifting in Metro Vancouver, there are at least 15 networked security cameras that feed into a networked security camera video server. Add a couple of network switches and a router. Probably some wireless access points as well. VOIP phones? IT has to check/sanitize/harden all these devices in every store.
It's possible the checkout computers are all Citrix devices running from images, but IT still has to check each image.
Now look at the London Drugs head office. I'm guesstimating at least 300 office workers needing about 500 computers plus 10 network printers. Throw in more wireless access points. Add more networked security devices. Guesstimate at least 5 switches, a firewall device, and a router. Then there are the warehouses. IT has to check/sanitize/harden all these devices.
Let's look at their line-of-business applications: the point of sale, the inventory, the LD Extras databases. These could be in-house servers but are more likely cloud based. IT has to check/sanitize/harden all that code and data. Millions of lines of code.
Ransomware? Or Purloined Processing?
London Drugs has not mentioned ransomware once in their press releases or interviews. Given that IT has restored all the phones, the pharmacy computers, and the Post/Insurance outlets, it is safe to say their physical networks are now clean. Which leaves the line-of-business applications.
While London Drugs started out as pharmacies, customers are spending more on TVs, computers, food, candy, junk food, cleaning supplies, etc. while they wait for prescription refills. It could be that the hackers went after the money from those sales rather than the data.
I expect London Drugs will fully explain what happened once it's been cleaned up. Other than the teeny tiny banner problem on their web site, great communications so far. If you're not following them on social media, here is the link for London Drugs news.
