Pharmaceutical development company investigating cyberattack after LockBit posting

Jason Macuray
A Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.

A Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen. 

A spokesperson for Crinetics Pharmaceuticals — a clinical stage company focused on the development and commercialization of therapeutics for endocrine diseases and endocrine-related tumors — told Recorded Future News that it recently discovered “suspicious activity in an employee’s account and disabled it on the same day.”

“Crinetics immediately activated its cybersecurity incident response process, initiated an investigation, engaged third-party cybersecurity experts to assist, and notified law enforcement,” the spokesperson said. 

“The company also implemented additional company-wide security measures and contained the incident. This incident has not affected the company’s operations or its discovery and study databases. Crinetics takes all security-related matters seriously and we are committed to conducting a full investigation, which is currently ongoing, and will provide any legal notifications required.”

On Sunday, Crinetics was added to the leak site of LockBit — a ransomware gang whose infrastructure was recently disrupted by law enforcement agencies around the world. 

The gang demanded a $4 million ransom and set a deadline for March 23. Crinetics did not respond to questions about whether they were dealing with a ransomware attack

For about three weeks, LockBit has tried to revive its operation but has struggled to recover from the takedown, which saw the FBI and other agencies seize their hacking tools, cryptocurrency accounts and source code.

The group’s alleged leader, LockBitSupp, recently spoke to the Click Here podcast and vowed to continue launching attacks. 

“I plan to continue working until my death. I don’t have a goal for a year or for five years. My only goal in life is to attack one million companies around the world and go down in human history as the most destructive affiliate program. Once I reach one million businesses on my blog, I will retire forever,” LockBitSupp said. 

Although LockBitSupp acknowledged that the FBI operation was successful, he pledged to rebound from the incident and restore the gang’s prominence. While some researchers have said the gang has mostly been posting old data stolen before the law enforcement takedown, some of the victims posted in the last week appear to correlate to new attacks. 

Before the operation, LockBit was the most prolific ransomware gang in the world, launching thousands of attacks on hospitals, governments and businesses globally. 

Researchers at Recorded Future attributed nearly 2,300 attacks to this threat actor and the U.S. Justice Department said the group received more than $120 million in ransom payments since it began operating. 

So far, several people alleged to be linked to the LockBit gang have been arrested in Ukraine and Poland, with more arrests expected.

Pharmaceutical companies continue to be a focus for ransomware gangs, with multiple large corporations attacked over the last year. Japanese pharmaceutical company Eisai, Sun Pharmaceuticals and PharMerica have all faced attacks. Last month, global pharmaceutical corporation Cencora said it recently discovered that intruders had stolen data from its networks.

CybercrimeIndustryNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

‘Lifelock’ hacker pleads guilty to extorting medical clinics

Next Post

Russians will no longer be able to access Microsoft cloud services, business intelligence tools

Related Posts

Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present,
Avatar
Read More

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: 'Are Bengal Cats legal in Australia?,'" Sophos researchers Trang Tang, Hikaru Koike,
Avatar
Read More