DragonForce Ransomware Hits German Pharma Firm Lyomark
Incident Date:
October 4, 2024
Overview
Title
DragonForce Ransomware Hits German Pharma Firm Lyomark
Victim
Lyomark Pharma
Attacker
Dragonforce
Location
First Reported
October 4, 2024
DragonForce Ransomware Group Targets Lyomark Pharma in Significant Data Breach
Lyomark Pharma GmbH, a German pharmaceutical company known for its development and distribution of sterile medicinal products, has fallen victim to a ransomware attack by the DragonForce group. This incident highlights the increasing vulnerability of the healthcare sector to cyber threats, particularly those involving sensitive data and intellectual property.
Company Profile: Lyomark Pharma
Founded in 1989 and headquartered in Oberhaching, Bavaria, Lyomark Pharma specializes in the development of sterile medicinal products, focusing on niche indications within the hospital market. The company is recognized for its high-quality products and innovative solutions, such as the Neofact applicator, which enhances patient care through precise application methods. With approximately 27 employees, Lyomark Pharma operates in product development, contract manufacturing, and regulatory services, ensuring compliance with Good Manufacturing Practices (GMP).
Details of the Ransomware Attack
The DragonForce ransomware group claims to have infiltrated Lyomark Pharma's systems, exfiltrating 51.31 GB of sensitive data. The attackers have threatened to release this data publicly if their ransom demands are not met by October 5. This breach poses significant risks to Lyomark Pharma's operations, potentially compromising proprietary information, client data, and regulatory compliance. The attack underscores the pharmaceutical sector's vulnerability due to the high value of its intellectual property and sensitive data.
DragonForce Ransomware Group
Emerging in late 2023, DragonForce is known for its double extortion tactics, encrypting victims' data while exfiltrating sensitive information. The group threatens to release this data on their "DragonLeaks" site if ransoms are not paid. DragonForce's ransomware code is reportedly based on a leaked builder from the LockBit group, suggesting a rapid development and deployment strategy. The group has targeted various industries globally, including high-profile entities like the Ohio Lottery and Coca-Cola Singapore.
Potential Vulnerabilities and Penetration Tactics
While specific details of how DragonForce penetrated Lyomark Pharma's systems remain unclear, the group's use of sophisticated tactics and possibly leveraging leaked malware code could have facilitated the breach. The pharmaceutical sector's reliance on digital infrastructure and the high value of its data make it an attractive target for ransomware groups like DragonForce.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.