Analysis of the BlackSuit Ransomware Incident at Octapharma Plasma

Incident Date: Apr 23, 2024

Attack Overview

Victim: Octapharma Plasma, Inc.
Industry: Healthcare Services
Location: USA
Attacker: BlackSuit
First Reported: April 23, 2024

Analysis of the BlackSuit Ransomware Attack on Octapharma Plasma

Company Profile

Octapharma Plasma, Inc., a key player in the global healthcare sector, specializes in the collection, testing, and supply of human blood plasma. As a subsidiary of Octapharma AG, it stands as one of the largest privately owned and independent plasma fractionators worldwide. Established in 1983 and headquartered in Charlotte, North Carolina, Octapharma Plasma operates numerous donation centers across the United States. The company focuses on three main therapeutic areas: haematology, immunotherapy, and critical care, employing over 10,000 staff globally.

With its extensive network and advanced manufacturing capabilities, Octapharma Plasma serves patients in 118 countries, making significant contributions to the plasma and biopharmaceutical industries. The company's commitment to innovation and sustainability further solidifies its position as an industry leader.

Details of the Ransomware Attack

In a recent cybersecurity breach, Octapharma Plasma fell victim to a ransomware attack orchestrated by the BlackSuit group, a new but formidable player in the cybercrime arena. This attack resulted in the encryption of sensitive data across multiple systems, impacting both operational and personal data. The compromised information includes social security numbers, personal health information, financial records, and internal business documents.

The BlackSuit ransomware, which shares a high degree of similarity with the notorious Royal ransomware, targets both Windows and Linux systems, including critical infrastructure like VMware ESXi servers. The ransomware appends a .blacksuit extension to encrypted files and leaves a ransom note directing victims to a Tor-based communication channel.
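The extension behaviour described above gives defenders a simple signal to alert on. The following detection sketch is an added example, not code from the original write-up or from Halcyon: it flags a host when several files gain the .blacksuit extension within a short window. The log format, host names, paths, threshold and window are constructed assumptions, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".blacksuit"  # extension named in the write-up
# Constructed rename events: ISO time, host, old path, new path (space separated).
SAMPLE_EVENTS = """\
2024-04-23T02:14:01 fs-01 /srv/share/donors.csv /srv/share/donors.csv.blacksuit
2024-04-23T02:14:02 fs-01 /srv/share/payroll.xlsx /srv/share/payroll.xlsx.blacksuit
2024-04-23T02:14:02 ws-07 /home/al/notes.txt /home/al/notes.md
2024-04-23T02:14:03 fs-01 /srv/share/labs.db /srv/share/labs.db.BLACKSUIT
2024-04-23T09:30:00 ws-07 /home/al/sample.bin /home/al/sample.bin.blacksuit
2024-04-23T11:45:00 ws-07 /home/al/other.bin /home/al/other.bin.blacksuit
malformed line
"""

def parse_event(line):
    """Return (time, host, old, new) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2], parts[3]

def find_rename_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> time of the rename that first reached `threshold` within `window`."""
    recent = defaultdict(deque)  # host -> timestamps of matching renames
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        when, host, old, new = event
        # Count only files that gained the extension, not ones that already had it.
        if not new.lower().endswith(EXT) or old.lower().endswith(EXT):
            continue
        q = recent[host]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = when
    return alerts

if __name__ == "__main__":
    for host, when in find_rename_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of {EXT} renames by {when.isoformat()}")
```

The sliding window is what separates a burst on one host from isolated renames hours apart, such as the two ws-07 events in the sample.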

Vulnerabilities and Industry Impact

The company's extensive data collection and storage of sensitive personal and medical information make it a prime target for ransomware attacks. The healthcare industry, known for its critical and time-sensitive operations, often faces immense pressure to pay ransoms to restore access to vital data and systems swiftly.

The attack not only threatens the privacy and security of individuals' data but also highlights the broader vulnerabilities within the healthcare sector, especially in organizations that manage high volumes of sensitive information.
