Zydus Pharmaceuticals Hit by Meow Ransomware, 20GB Data Stolen

Incident Date: August 15, 2024

Overview

Victim: Zydus Pharmaceuticals

Attacker: Meow

Location: Pennington, USA; New Jersey, USA

First Reported: August 15, 2024

Ransomware Attack on Zydus Pharmaceuticals by Meow Ransomware Group

Zydus Pharmaceuticals (USA) Inc., a leading generic pharmaceutical company based in Pennington, New Jersey, has fallen victim to a ransomware attack orchestrated by the Meow ransomware group. The attackers claim to have exfiltrated 20 GB of sensitive data, including financial documents, client data, employee information, and experimental research.

About Zydus Pharmaceuticals

Zydus Pharmaceuticals, a subsidiary of Zydus Lifesciences headquartered in India, has been a significant player in the U.S. market since its inception in 2005. The company offers over 500 product SKUs and has received approval for 287 Abbreviated New Drug Applications (ANDAs) from the U.S. Food and Drug Administration (FDA). Zydus specializes in complex generics, including modified release oral solids, transdermal patches, injectables, and oral suspensions. The company is recognized for its commitment to innovation and extensive research and development efforts.

Details of the Attack

The Meow ransomware group has listed Zydus Pharmaceuticals on their dark web leak site, offering the stolen data for sale. The group is demanding C75008 for exclusive access and C25008 for multiple buyers. The stolen data could provide deep insights into the company's operations, research activities, and strategic plans, making it highly valuable to industry professionals and market analysts.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024, primarily targeting organizations in the United States. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Potential Vulnerabilities

Zydus Pharmaceuticals, like many organizations in the healthcare sector, handles a vast amount of sensitive data, making it an attractive target for ransomware groups. The company's extensive research and development activities, coupled with its significant market presence, increase the potential impact of such an attack. The exact method of penetration in this case remains unclear, but common vectors include phishing emails and RDP vulnerabilities.
