BreachExchange mailing list archives
Hackers publish ExecuPharm internal data after ransomware attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 29 Apr 2020 09:13:29 -0500
https://techcrunch.com/2020/04/27/execupharm-clop-ransomware/ U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware. ExecuPharm said in a letter to the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver licenses, passport numbers and other sensitive data may have been accessed. But TechCrunch has now learned that the ransomware group behind the attack has published the data stolen from the company’s servers. It’s an increasingly popular tactic used by ransomware groups, which not only encrypts a victim’s files but also exfiltrates the data and threatens to publish the data if a ransom isn’t paid. This new technique was first used by Maze, a ransomware group that first started hitting targets in December. Since then, a number of new and emerging groups, including DoppelPaymer and Sodinokibi have adopted the same approach. The data was posted to a site on the dark web associated with the CLOP ransomware group. The site contains a vast cache of data, including thousands of emails, financial and accounting records, user documents and database backups, stolen from ExecuPharm’s systems. When reached, a company executive confirmed to TechCrunch that CLOP was behind the attack. “ExecuPharm immediately launched an investigation, alerted federal and local law enforcement authorities, retained leading cybersecurity firms to investigate the nature and scope of the incident, and notified all potentially impacted parties,” said ExecuPharm operations chief David Granese. Since the outbreak of COVID-19, some of the ransomware groups have shown mercy on medical facilities that they have pledged not to attack during the pandemic. CLOP said it too would not attack hospitals, nursing homes or charities, but said ExecuPharm would not qualify, saying that commercial pharmaceutical companies “are the only ones who benefit from the current pandemic.” Unlike some strains of ransomware, there is no known decryption tool for CLOP. Maastricht University found out the hard way after it was attacked last year. The Dutch university paid out close to $220,000 worth of cryptocurrency to decrypt its hundreds of servers. The FBI has previously warned against paying the ransom. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Hackers publish ExecuPharm internal data after ransomware attack Destry Winant (Apr 29)