Hackers Publish ExecuPharm Internal Data After Ransomware Attack
U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware. ExecuPharm said in a letter to the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver licenses, passport numbers and other sensitive data may have been accessed.
According to TechCrunch the ransomware group behind the attack has published the data stolen from the company’s servers.
The company has more than 18,000 global clinical operational specialists in its network and it is one largest privately-owned global diversity suppliers of clinical development services since 1994.
It’s an increasingly popular tactic used by ransomware groups, which not only encrypts a victim’s files but also exfiltrates the data and threatens to publish the data if a ransom isn’t paid. This new technique was first used by Maze, a ransomware group that first started hitting targets in December. Since then, a number of new and emerging groups, including DoppelPaymer and Sodinokibi have adopted the same approach.
According to Clop Ransomware’s leak site, the attackers were able to steal almost 19,000 ExecuPharm and Parexel employees’ emails, as well as further email correspondence including more than 80,000 emails.
The data was posted to a site on the dark web associated with the CLOP ransomware group. The site contains a vast cache of data, including thousands of emails, financial and accounting records, user documents and database backups, stolen from ExecuPharm’s systems.