Ransomware attack on US Pharma Company ExecuPharm


ExecuPharm, a US-based pharmaceutical company, is reported to have become a victim of a ransomware attack on March 13th, 2020. According to a letter sent by the company to the Vermont Attorney General, details such as social security numbers, financial information, driving license details, passport numbers, and other sensitive data might have been accessed and stolen by hackers.


News is out that hackers belonging to the CLOP ransomware group have posted a vast cache of data on the dark web, including email records, financial data, and accounting records, along with user documents and data backups.


Note: Some ransomware gangs (DoppelPaymer, Maze, and Sodinokibi) have been seen stealing a portion of the data from a victim's database before encrypting it and holding it until a ransom is paid. This ensures that they earn money either way: if the victim fails to pay the demanded sum in cryptocurrency before the deadline, they sell the data on the dark web.


Federal and local law enforcement authorities have been notified about the incident, and a third-party cybersecurity firm has been engaged by ExecuPharm to investigate the incident in depth.


Meanwhile, amidst the news of ransomware spread, there is some good news. The Shade ransomware gang has decided to shut down its business of spreading file-encrypting malware and has published more than 750,000 decryption keys on GitHub so that past victims can unlock their database files.


Russian cybersecurity firm Kaspersky has endorsed the decryption keys as authentic and has announced plans to create a free decryption tool in the next few weeks.


First spotted in 2014, the Shade ransomware gang is touted as one of the oldest ransomware-spreading groups on the web. For some reason, it decided to shut down its operations at the end of 2019 and made it official this week by releasing the decryption keys.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
