Cybercriminals Leak ExecuPharm Internal Documents After Ransomware Attack

ExecuPharm, a subsidiary of the U.S. biopharmaceutical giant Parexel, was hit by a successful ransomware attack on March 13, according to a recent announcement made by the company.

Unlike in typical ransomware attacks, where bad actors encrypt data and demand payment in exchange for the decryption keys, the perps in this case have also started leaking confidential information found on ExecuPharm’s network.
Discovered to be the handiwork of the CLOP ransomware group, the attack was initiated through phishing emails sent out to ExecuPharm employees.

In the letter sent to the Office of the Vermont Attorney General, the company explains that “a data security incident that compromised select corporate and personal information” happened after “unknown individual encrypted ExecuPharm servers and sought a ransom in exchange for decryption.”

The organization also mentioned that bad actors could “have accessed and/or shared select personal information relating to ExecuPharm personnel, as well as information relating to select personnel of Parexel, whose information was stored on ExecuPharm’s data network.”

The company also believes that confidential employee files were accessed during the attack, and does not rule out a potential leak of sensitive personal information, including:

• Beneficiary information including Social Security numbers
• Taxpayer ID/EIN
• Driver’s license numbers
• Passport numbers
• Bank account numbers
• Credit card numbers
• National Insurance numbers
• National ID numbers
• IBAN/SWIFT numbers

With such varied personal information, the bad actors hit a gold mine. Leaked financial information along with ID information can be used to impersonate victims and ultimately commit fraud.

As a result, the company has notified local authorities and the FBI, and contracted cybersecurity experts to investigate the incident. ExecuPharm said it has restored its servers and upgraded its network security to prevent further attacks.

While most companies are known to pay the ransom to retrieve their precious data, relying solely on backup systems does not fill in the security gaps.

Investing in proper security training for employees, specifically designed to help them spot suspicious or phishing emails and maintain good cyber hygiene, can truly make a difference, especially now, with remote work in full swing.

Affected employees will be provided with 1 year of free identity monitoring and, in case of any unfortunate events, $1 million is going towards identity fraud loss reimbursement that should cover legal costs and other expenses.
