lockbit2 attacks Specpharm
Incident Date:
June 4, 2022
Overview
Title
lockbit2 attacks Specpharm
Victim
Specpharm
Attacker
Lockbit2
Location
First Reported
June 4, 2022
Specpharm Ransomware Attack
Specpharm, a black empowered and fully owned South African pharmaceutical company, has been targeted by the ransomware group Lockbit2. The attack was announced on the group's dark web leak site. Specpharm operates in the Healthcare Services sector and is renowned for its commitment to quality and perfection in all its operations. The company's manufacturing facility produces a diverse range of pharmaceutical products, including tablets, syrups, suspensions, creams, gels, ointments, powders, and granules. Specpharm Holdings, the manufacturing arm of Specpharm, is a member of Pharmisa (Pharmaceuticals made in South Africa) and the BPIA (Black Pharmaceutical Industry Association), advocating for expedited registrations and preferences in government tenders for locally manufactured products.
The size of Specpharm is not explicitly mentioned in available information. However, the company's website suggests it is a significant player in the South African pharmaceutical industry, emphasizing quality and adherence to the high standards required by the Pharmaceutical Inspection Convention Scheme (PIC/S).
The specific vulnerabilities that made Specpharm a target for Lockbit2 are not detailed in available sources. Nonetheless, ransomware attacks typically exploit weaknesses in an organization's cybersecurity defenses, such as outdated software, unpatched vulnerabilities, or weak passwords. It underscores the necessity for companies to implement comprehensive cybersecurity measures, including regular software updates, employee training, and multi-factor authentication, to mitigate such threats.
This incident underscores that no organization is immune to ransomware attacks, highlighting the critical importance of prioritizing cybersecurity to safeguard operations and sensitive data.
Sources
- Specpharm Holdings. (n.d.). Specpharm | Your South African-based Pharmaceutical Company | South Africa. Retrieved April 10, 2024, from https://specpharm.co.za
- Ransomware Posts. (n.d.). Ransomware Posts - GitHub Pages. Retrieved April 10, 2024, from https://privtools.github.io/ransomposts/
- Cybersecurity & Infrastructure Security Agency. (n.d.). Ransomware. Retrieved April 10, 2024, from https://www.cisa.gov/ransomware
- National Institute of Standards and Technology. (n.d.). Ransomware. Retrieved April 10, 2024, from https://www.nist.gov/cybersecurity/ransomware
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.