Leading pharmaceutical group Pierre Fabre confirmed a REvil ransomware attack — demanded a $25 million ransom.
REvil Ransomware, also known as Sodinokibi, is another strain of ransomware that infects a system or network, encrypts files, and demands a ransom to decrypt them.
However, the threat actors targeted the leading french pharmaceutical and cosmetics group demanded a ransom of $25 million, initially.
Pierre Fabre Cyber Attack
The group with over 10,000 worldwide develops a wide variety of products ranging from chemotherapy drugs to skincare products.
On March 31, they suffered a cyber attack, on the other hand the computer virus has been brought under control in less than 24 hours.
Also as a precaution the system was immediately put into standby mode to curb the spread of the virus, disclosed Pierre Fabre.
Furthermore, “This led to the gradual, temporary stoppage of most production activities (except for the production facility in Gaillac (in the Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products).”
But at the time, Pierre Fabre did not reveal what type of cyberattack they suffered.
REvil Ransomware Attack
BleepingComputer has confirmed the cyber attack a ransomware attack by a hacking group known as REvil/Sodinokibi.
According to BleepingComputer, they recently sent a link for a REvil Tor payment page allegedly from the Pierre Fabre ransomware attack.
If the victim failed to pay the demanded ransom, then the ransom amount would be doubled to $50 million.
The link contains currently hidden REvil data leak page images of allegedly stolen data including:
- a company contact list
- government identification cards
- also immigration documents.
Pierre Fabre in a press release stated, the Group’s staff and its IT partners are working at full capacity to rectify the situation within the next few days.