Sun Pharmaceutical Industries Ltd., one of India’s most prominent pharmaceutical companies, has suffered a major data breach. The IT systems were impacted in the Sun Pharma cyber attack, the company confirmed.
The ALPHV ransomware group has claimed responsibility for the attack, stating that they have accessed over 17TB of data from the company. This includes sensitive information on customers and vendors and complete documents on over 1,500 US employees.
The ALPHV ransomware group alleges Sun Pharma deliberately tried to cover up the cyber attack, reporting it as a minor incident to the media. The group also claims that the company’s IT department set up honeypots to catch them in the network.
Sun Pharma cyber attack confirmed
In response to a query by The Cyber Express, Sun Pharmaceutical confirmed the cyber attack stating that the company promptly took steps to contain and remediate the impact of the IT security incident, including employing containment and eradication protocols to mitigate the threat and additional measures to ensure the integrity of its systems infrastructure and data.
These measures are underway as the Company utilizes global cyber security experts and enhanced security measures to address and mitigate the impact of the incident.
Validating that a ransomware group claimed responsibility for this incident, the company shared details regarding the Sun Pharmaceutical data breach:
“The Company currently believes that the incident’s effect on its IT systems includes a breach of certain file systems and the theft of certain company data and personal data. As part of the containment measures, we proactively isolated our network and initiated the recovery process.”
“As a result of these measures, Company’s business operations have been impacted. Consequently, revenues are expected to be reduced in some of our businesses. The Company would incur expenses in connection with the incident and the remediation.”
The statement added that currently company was unable to determine other potential adverse impacts of the incident, including but not limited to additional information security incidents, increased costs to maintain insurance coverage, the diversion of management and employee time or the possibility of litigation.
ALPHV ransomware group
This is not the first time the ALPHV ransomware group has targeted large corporations and small and medium-sized enterprises (SMEs). The group has claimed responsibility for multiple ransomware attacks and has reportedly tried to get ransoms worth millions.
Ransomware attacks have become increasingly common in recent years, with cybercriminals targeting companies of all sizes and sectors. These attacks typically involve encrypting a company’s data and holding it hostage until the company pays a ransom to the attackers.
Furthermore, the ALPHV ransomware group’s claim of having access to Alkaloida Chemical Company Zrt, a member of the SUN Pharma Group, has not been confirmed. It is unclear what data the group may have obtained from Alkaloida.
As cyberattacks grow in frequency and severity, companies must take proactive steps to protect their data and systems. This includes implementing robust cybersecurity measures, conducting regular security audits, and educating employees on cybersecurity best practices. Companies must also have a comprehensive incident response plan to contain and remediate the impact of an attack quickly.