The world’s fourth-largest generic drugs manufacturer Sun Pharmaceuticals disclosed a ransomware attack that compromised some of its file systems.
The Mumbai-based drugmaker isolated the impacted IT systems after detecting an “information security incident,” resulting in the “breach of certain file systems and the theft of certain company data and personal data.”
“This is to inform [you] that an information security incident has occurred at the Company and the impacted IT assets have been isolated,” Sun wrote in a Bombay Stock Exchange filing.
Operating in 100 countries, Sun Pharma employs over 37,000 workers and earned $5 billion in 2022.
Sun Pharmaceuticals ransomware attack will hurt its bottom line
The company launched an investigation and took appropriate containment and remediation actions in a controlled manner.
“The incident has not impacted our core systems and operations. The Company is investigating the matter and appropriate containment and remediation actions are being taken in a controlled manner to address the incident.”
However, the company’s revenues are expected to take a hit from the ransomware attack.
“As part of the containment measures, we proactively isolated our network and initiated the recovery process. As a result of these measures, Company’s business operations have been impacted,” said Sun Pharmaceuticals.
However, the company said it was “unable to determine other potential adverse impacts of the incident, including but not limited to additional information security incidents, increased costs to maintain insurance coverage, the diversion of management and employee time,” or possible litigation stemming from the ransomware attack.
Although Sun Pharmaceuticals withheld the threat actor’s identity, the BlackCat/ALPHV ransomware group added the company to its data leak site. Sun Pharma also confirmed that a threat actor had claimed responsibility for the ransomware attack, which was reported on March 2, 2023.
The BlackCat/ALPHV ransomware group has compromised several healthcare organizations, including Lehigh Valley Health Network and NextGen Healthcare. The ransomware-as-a-service (RaaS) group has also targeted financial institutions, retail outlets, logistics companies, colleges, and universities.
In April 2022, the Federal Bureau of Investigation (FBI) Cyber Division issued a flash alert warning that BlackCat/ALPHV had compromised at least 60 organizations worldwide.
The FBI linked BlackCat/ALPHV members to the Darkside/Blackmatter ransomware group, which shut down due to law enforcement pressure after the Colonial Pipeline ransomware attack.
According to the federal agency, BlackCat/ALPHV was the first cybercrime gang to use Rust, a secure and robust programming language that offers improved performance through concurrent processing.
Pharmaceutical companies are prime targets for hackers
The pharmaceutical industry is no stranger to cybersecurity incidents. In 2022, Novartis and AstraZeneca suffered data breaches, with the latter leaking sensitive patient data through database misconfiguration.
In India, the Hyderabad-based Dr. Reddy's Laboratories Ltd and Mumbai-based Lupin Pharmaceuticals also suffered security breaches in 2020. Similarly, the All India Institute of Medical Sciences (AIIMS) and the Indian Council of Medical Research (ICMR) reported cyber attacks in 2022.
According to Check Point Research, India’s pharmaceutical industry has the highest number of cyber attacks in the country.
Apart from financially-motivated ransomware attacks, pharmaceutical companies globally are also prime targets for nation-state hackers looking to steal intellectual property.
The Sun Pharmaceuticals ransomware attack followed a series of manufacturing problems that caused the recall of 34,000 bottles of the generic high blood pressure medicine Diltiazem Hydrochloride in the US.
The two incidents could predict a challenging financial year for the global Indian generic drugs manufacturer.