lockbit2 attacks PuraPharm

Incident Date:

May 13, 2022

World map



lockbit2 attacks PuraPharm






Tai Po, Hong Kong

New Territories, Hong Kong

First Reported

May 13, 2022

PuraPharm Suffers Ransomware Attack by Lockbit2

PuraPharm, a leading Hong Kong-based Chinese medicine company, has been targeted by the ransomware group Lockbit2. The attack was announced on the group's dark web leak site. PuraPharm operates in the Healthcare Services sector and is known for its innovative approach to traditional Chinese medicine.

Company Overview

PuraPharm is a significant player in the Chinese medicine industry, with a strong focus on research and development. They use over 600 types of raw Chinese herbs in the manufacture of their products and have a leading market share of 70% in Hong Kong for Concentrated Chinese Medicine Granules (CCMG). The company is one of the only five and the only non-PRC company licensed by the CFDA to manufacture and sell CCMG products in China. PuraPharm's CNAS-accredited testing laboratory enables them to issue safety reports recognized by over 70 countries, and their manufacturing facilities are internationally GMP-certified by the Therapeutic Goods Administration of Australia.

Vulnerabilities and Impact

Ransomware attacks on healthcare institutions typically involve hackers infiltrating a network through various means, such as phishing emails, compromised websites, or exploiting vulnerabilities in software systems. Once inside, the attackers deploy ransomware to encrypt critical data, rendering it inaccessible to the organization. These attacks often result in disruptive downtime, leading to delays in medical procedures, appointment cancellations, and compromised patient care.

The consequences of healthcare ransomware attacks extend beyond financial losses. Patient care is significantly impacted as healthcare providers struggle to retrieve essential medical records and deliver treatment. The confidentiality of patient data is also jeopardized when ransomware attackers gain unauthorized access to sensitive medical information, risking identity theft and fraud.

Mitigation Strategies

To mitigate the risks of ransomware attacks, healthcare organizations should invest in robust cybersecurity measures, including regular software updates, employee training, and the use of multi-factor authentication. Additionally, organizations should maintain offsite backups of critical data and have a well-rehearsed incident response plan in place.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.