RansomHub Ransomware Breach Exposes 100GB at Pharmaceutics Intl.

Incident Date: July 31, 2024

Overview

Victim: Pharmaceutics International

Attacker: RansomHub

Location: Hunt Valley, USA; Maryland, USA

First Reported: July 31, 2024

RansomHub Ransomware Attack on Pharmaceutics International, Inc.

Pharmaceutics International, Inc. (Pii), a prominent Contract Development and Manufacturing Organization (CDMO) based in Hunt Valley, Maryland, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group RansomHub. The attack, discovered on August 1, has resulted in a significant data breach, compromising approximately 100GB of sensitive information.

About Pharmaceutics International, Inc.

Established in 1994, Pii has grown from a small team of 12 to over 280 employees, operating from a state-of-the-art facility encompassing more than 360,000 square feet. The company specializes in providing comprehensive pharmaceutical development and manufacturing services, including formulation development, clinical trial materials, and commercial manufacturing. Pii is known for its expertise in high potency compounds and injectables, offering tailored solutions to meet the specific needs of its clients.

Attack Overview

The ransomware attack on Pii has led to the exposure of a substantial amount of sensitive data, potentially causing operational disruptions and reputational damage. The compromised data includes critical information related to drug development and manufacturing processes, which could have severe implications for the company and its clients. The attack highlights the vulnerabilities that even well-established organizations in the healthcare sector face from sophisticated cyber threats.

About RansomHub

RansomHub is a relatively new ransomware group that has quickly made a name for itself in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a particular focus on healthcare-related institutions.

Penetration and Distinguishing Features

RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers due to its cross-platform capabilities and efficiency. This choice of language may indicate a trend towards more sophisticated and versatile ransomware attacks in the future. The group distinguishes itself by making claims and backing them up with data leaks, adding credibility to its threats and increasing pressure on victims to pay the ransom.

The exact method of penetration in Pii's case remains unclear, but common vectors include phishing emails, exploiting unpatched vulnerabilities, and leveraging weak security protocols. The attack on Pii underscores the importance of continuous vigilance against evolving cyber threats.
