RansomHub Ransomware Breach Exposes 100GB at Pharmaceutics Intl.
RansomHub Ransomware Attack on Pharmaceutics International, Inc.
Pharmaceutics International, Inc. (Pii), a prominent Contract Development and Manufacturing Organization (CDMO) based in Hunt Valley, Maryland, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group RansomHub. The attack, discovered on August 1, has resulted in a significant data breach, compromising approximately 100GB of sensitive information.
About Pharmaceutics International, Inc.
Established in 1994, Pii has grown from a small team of 12 to over 280 employees, operating from a state-of-the-art facility encompassing more than 360,000 square feet. The company specializes in providing comprehensive pharmaceutical development and manufacturing services, including formulation development, clinical trial materials, and commercial manufacturing. Pii is known for its expertise in high potency compounds and injectables, offering tailored solutions to meet the specific needs of its clients.
Attack Overview
The ransomware attack on Pii has led to the exposure of a substantial amount of sensitive data, potentially causing operational disruptions and reputational damage. The compromised data includes critical information related to drug development and manufacturing processes, which could have severe implications for the company and its clients. The attack highlights the vulnerabilities that even well-established organizations in the healthcare sector face from sophisticated cyber threats.
About RansomHub
RansomHub is a relatively new ransomware group that has quickly made a name for itself in the cyber threat landscape. Believed to have roots in Russia, RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a particular focus on healthcare-related institutions.
Penetration and Distinguishing Features
RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers due to its cross-platform capabilities and efficiency. This choice of language may indicate a trend towards more sophisticated and versatile ransomware attacks in the future. The group distinguishes itself by making claims and backing them up with data leaks, adding credibility to its threats and increasing pressure on victims to pay the ransom.
The exact method of penetration in Pii's case remains unclear, but common vectors include phishing emails, exploiting unpatched vulnerabilities, and leveraging weak security protocols. The attack on Pii underscores the importance of continuous vigilance against evolving cyber threats.