Indigo says its cybersecurity breach last month was done using a tool known as LockBit, developed by a hacking group of the same name that has ties to Russian organized crime.

In a statement released Thursday morning, the retailer said its network was "illegally accessed" on Feb. 8, by a group of criminals using the LockBit tool, and the perpetrators "may make some or all of the data they have stolen available using the dark web as early as today."

Indigo said last week, while no customer information was accessed, some data belonging to current and former employees was.

Indigo also announced it has refused to pay a ransom and says it is continuing to work with Canadian police services and the FBI in the U.S.

"Given we cannot be assured that any ransom payment would not end up in the hands of terrorists or others on sanctions lists, Indigo has determined it would be inappropriate to pay the ransom. We have no indication that there is any risk to customers because of this illegal attack," the company said.

The cybersecurity attack took Indigo's online store and in-store electronic payment systems offline. While the company's in-store payment systems were restored after a few days, only "select books" remain available to purchase at .

The as "one of the most active and destructive ransomware variants in the world," and since 2020 hackers using the tool have targeted over 1,000 organizations across Canada, the U.S. and around the world.

LockBit's Canadian targets have included SickKids Hospital in Toronto as well as the municipalities of St. Marys, Ont. and Westmount, Que. In November 2022, the , a Russian-Canadian dual citizen alleged to have been involved with the LockBit campaign.

Correction:

This article has been corrected to reflect that "select titles" are available for purchase at Indigo's online store.