Ransomware Attack on Belcher Pharmaceuticals LLC
Incident Date:
May 17, 2024
Overview
Title
Ransomware Attack on Belcher Pharmaceuticals LLC
Victim
Belcher Pharmaceuticals LLC
Attacker
Underground Team
Location
First Reported
May 17, 2024
Ransomware Attack on Belcher Pharmaceuticals LLC
Company Overview
Belcher Pharmaceuticals LLC is a specialty pharmaceutical company based in Largo, Florida, United States. They focus on the development and manufacturing of prescription products for both human and animal health markets. Belcher Pharmaceuticals offers a lower cost alternative to branded pharmaceutical products and specializes in generic pharmaceuticals, beta-lactam and cephalosporin antibiotics, and controlled substances.
Company Profile
Belcher Pharmaceuticals is a standout company in the pharmaceutical industry, renowned for delivering quality, affordable products. Despite having only five employees, their impact is significant, boasting over 100 years of combined experience in pharmaceutical development and manufacturing. Their operations are centralized in a 65,000-square-foot facility in Largo, Florida, where they conduct commercial manufacturing, packaging, and analytical operations in-house. Their focus on research and development underscores their commitment to expanding their product offerings and maintaining their competitive edge in the market./p>
Attack Overview
The company fell victim to a ransomware attack conducted by the "Underground Team" cybercrime group. The attackers made off with 234.7 GB of sensitive data, including product certificates, financial documents, employee data, patents, customer information, and more. The attack involved encrypting files and leaving ransom notes in multiple system folders.
Ransomware Group Profile
The "Underground Team" ransomware group distinguishes itself by using a 64-bit GUI-based application with various commands to carry out malicious actions. They target system volumes, leave ransom notes, and selectively encrypt files and directories. The group may use social engineering tactics like phishing emails to distribute their ransomware.
Company Vulnerabilities
The company's vulnerabilities in being targeted by threat actors include the sensitive nature of their data, such as product information, financial documents, and employee data. The company's focus on pharmaceutical development and manufacturing makes them a valuable target for cybercriminals seeking to exploit valuable intellectual property and personal information.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.