'Inappropriate': Indigo refuses to pay ransom in cyberattack
Criminals may make stolen data available on dark web as early as Thursday
Indigo Books & Music Inc. says it would be “inappropriate” to pay ransom to unlock the recent cyberattack on its network and that there is currently no indication of any risk to its customers.
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
- Unlimited online access to articles from across Canada with one account and fewer ads
- Get exclusive access to the National Post ePaper, an electronic replica of the print edition that you can share, download and comment on
- Enjoy insights and behind-the-scenes analysis from our award-winning journalists
- Support local journalists and the next generation of journalists
- Daily puzzles including the New York Times Crossword
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
- Unlimited online access to articles from across Canada with one account and fewer ads
- Get exclusive access to the National Post ePaper, an electronic replica of the print edition that you can share, download and comment on
- Enjoy insights and behind-the-scenes analysis from our award-winning journalists
- Support local journalists and the next generation of journalists
- Daily puzzles including the New York Times Crossword
REGISTER TO UNLOCK MORE ARTICLES
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account
- Share your thoughts and join the conversation in the comments
- Enjoy additional articles per month
- Get email updates from your favourite authors
Don't have an account? Create Account
tap here to see other videos from our team.
'Inappropriate': Indigo refuses to pay ransom in cyberattack Back to video
tap here to see other videos from our team.
In an email statement March 2, the company said it is prioritizing the safety and security of current and former employees who could be impacted by malicious actors.
“Given we cannot be assured that any ransom payment would not end up in the hands of terrorists or others on sanctions lists, Indigo has determined it would be inappropriate to pay the ransom,” it said.
Indigo said its network was illegally accessed on Feb. 8 using ransomware software known as “LockBit,” which it said some criminal groups affiliated with Russian organized crime use. It said, however, that the identity of the criminals is still not known.
The bookstore chain said it has been informed that the criminals responsible for the attack may make some or all of the data they have stolen available using the dark web as early as Thursday.
The company said it is working closely with Canadian police and the United States Federal Bureau of Investigation in response to the attack.
The company added that it will provide two years of free identity theft monitoring to those impacted and will continue to address any concerns that may arise.
Its physical stores remain open and a temporary website has been made available for those shopping online.
• Email: dpaglinawan@postmedia.com | Twitter: denisepglnwn
