Ransomware Attack Hits Therabel Pharma by Hunters International
Incident Date:
October 11, 2024
Overview
Title
Ransomware Attack Hits Therabel Pharma by Hunters International
Victim
Therabel Lucien Pharma SAS
Attacker
Hunters International
Location
First Reported
October 11, 2024
Ransomware Attack on Therabel Lucien Pharma SAS by Hunters International
Therabel Lucien Pharma SAS, a prominent pharmaceutical company based in Levallois-Perret, Île-de-France, has reportedly fallen victim to a ransomware attack orchestrated by the Hunters International group. This attack has resulted in the exfiltration of approximately 338 GB of sensitive data, including client information, internal correspondence, contracts, and critical research documents related to preclinical studies and clinical trials.
Company Overview
Founded in 1945, Therabel Lucien Pharma SAS is a privately-owned pharmaceutical company with a rich European heritage. The company operates primarily through a partnership-driven business model, focusing on collaboration with other pharmaceutical entities to enhance its product offerings and market presence. With a reported group turnover of €59.1 million in 2019 and around 200 employees, Therabel is classified as a medium-sized enterprise. The company specializes in cardiovascular health, gastroenterology, and chemotherapy, making it a significant player in the healthcare services sector.
Attack Overview
The ransomware attack on Therabel Lucien Pharma SAS was claimed by Hunters International, a ransomware-as-a-service group that emerged in October 2023. The attackers have threatened to publish the stolen data on their dark web leak site if the ransom is not paid, putting Therabel at risk of significant operational and reputational damage. The compromised data includes financial information, potentially exposing the company to further vulnerabilities.
Hunters International: A Notorious Ransomware Group
Hunters International distinguishes itself by employing double extortion tactics, combining data encryption with data theft. The group utilizes code from the defunct Hive ransomware, allowing them to execute sophisticated attacks across various industries, including healthcare. Their malware, developed in Rust, provides cross-platform targeting capabilities, making it highly adaptable and effective against enterprise environments.
Potential Vulnerabilities
Therabel's extensive collaboration with healthcare providers and its focus on critical therapeutic areas make it an attractive target for ransomware groups like Hunters International. The company's reliance on digital infrastructure for research and development, coupled with the sensitive nature of its data, increases its vulnerability to cyberattacks. The attack highlights the need for enhanced cybersecurity measures to protect against sophisticated threat actors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.