Sun Pharma Reports Security Incident, Ransomware Group Claims Massive Data Breach
Sun Pharmaceutical, one of India’s largest drug makers, reported an information security incident on March 2nd, 2023, which impacted some of its IT assets. The company has taken appropriate containment and remediation actions to address the incident and stated that it did not impact its core systems and operations. However, the threat actor group ALPHV has listed the breach on their leak site on the darknet, claiming to have sensitive data on Sun Pharma’s employees and customers, as well as evidence linking the company to the research and use of doping and its connection to the Indian and American governments.
ALPHV is a ransomware group that infiltrates vulnerable systems, encrypts data, and asks for a ransom to release the encryption key. The group claims to have over 17TB of data from the Indian Pharmaceutical major and has posted screenshots of data samples and lists on their leak site. ALPHV has also threatened to leak more documents in the future, which could have significant consequences for the company and its stakeholders.
The incident highlights the increasing threat of cyber attacks on healthcare and pharmaceutical companies, which are attractive targets due to the sensitive data they hold. These companies must take proactive measures to safeguard their networks and systems and respond promptly to any security incidents. They must also be prepared for the possibility of a ransomware attack and have a comprehensive incident response plan in place to mitigate the damage and protect their data and reputation.
ALPHV BlackCat is a ransomware group that operates as Ransomware-as-a-Service (RaaS), allowing affiliates to customize payloads and target different corporate environments. The group is believed to be based in Russia, and first came to the attention of security experts in November 2021. Recent victims of the group include Amazon Ring, CMMG, and other organizations, with ransoms ranging from $500,000 to $5 million depending on the victim’s size and resources.
