HiveLeaks ransomware claims the attack against Supernus Pharma

January 12, 2022

According to recent reports, a ransomware attack by the HiveLeaks ransomware group recently targeted Supernus Pharmaceuticals, Inc., a biopharma firm based in Rockville, Maryland. Despite the attack, the firm said its operations continued without interruption and that it would not pay any ransom to the threat group.

Preliminary results of the ongoing incident investigation revealed that the threat group behind the attack had encrypted files on the firm’s systems, deployed malware to gain access to those systems, and threatened to publish selected data taken from the firm.

Supernus Pharma alerted the relevant authorities and engaged cybersecurity experts upon learning of the attack. The firm also reported that it has recovered the affected files and taken further steps to protect its systems going forward. For this reason, it sees no need to pay the threat actors’ ransom demands, especially since it was able to restore all of the data the criminals had encrypted.

Although the firm’s operations were unaffected by the attack, that does not mean the incident cannot still harm it in the future, since the threat actors may yet exploit the stolen data. Nonetheless, the firm has assured its clients and partners that it will protect the compromised data and continue investigating and monitoring the situation.

Supernus Pharmaceuticals, Inc is a biopharma firm that develops and commercializes treatment products for central nervous system (CNS) diseases and has an approved treatment portfolio for migraine, epilepsy, hypomobility in Parkinson’s disease, chronic sialorrhea, ADHD, and cervical dystonia.

Meanwhile, information recently surfaced on Twitter about the HiveLeaks ransomware group, which claims responsibility for the attack on the biopharma firm. According to the tweet, Supernus’ networks had been encrypted and about 1.5 TB of the firm’s data had been stolen.


The HiveLeaks ransomware group was observed to operate as an affiliate-based group.


The group employs a range of tactics, techniques, and procedures (TTPs) that make defence and mitigation difficult for its victims. It also uses several initial-access mechanisms against business networks, such as phishing emails carrying malicious attachments and access through Remote Desktop Protocol (RDP), sometimes both against the same network.

Once a victim network is compromised, the group steals all the data it can reach and then encrypts the data on the network. Finally, it leaves a ransom note in every affected directory on the system, instructing the victim how to obtain the decryption software and threatening to leak the stolen data on a Tor site called ‘HiveLeaks’ if the victim does not agree to pay.
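The two behaviours described above, a ransom note written into every affected directory and files renamed with an unfamiliar extension after encryption, leave a pattern on disk that a defender can check for. The following Python script is an added example, not code from the article or from any tool associated with the group; it runs two simple heuristics over a constructed list of file paths (the paths, the note name "HOW_TO_DECRYPT.txt" and the ".locked" extension are all made-up sample data, not indicators from the incident).

```python
import os
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sample listing (not from the article): a file share where the
# same note was dropped into three directories and the data files there were
# renamed with an unfamiliar extension. One directory was left untouched.
SAMPLE_PATHS: List[str] = [
    "/srv/share/finance/q1.xlsx.locked",
    "/srv/share/finance/q2.xlsx.locked",
    "/srv/share/finance/HOW_TO_DECRYPT.txt",
    "/srv/share/hr/payroll.docx.locked",
    "/srv/share/hr/HOW_TO_DECRYPT.txt",
    "/srv/share/legal/contract.pdf.locked",
    "/srv/share/legal/HOW_TO_DECRYPT.txt",
    "/srv/share/public/readme.txt",
    "/srv/share/public/logo.png",
]

# Extensions the organisation expects to see on this share (assumed baseline).
KNOWN_EXTS: Set[str] = {".txt", ".xlsx", ".docx", ".pdf", ".png"}


def note_candidates(paths: Iterable[str], min_dirs: int = 3) -> List[str]:
    """Return file names that recur, with an identical name, in at least
    min_dirs distinct directories. A ransom note is written into every
    directory the ransomware touched, so a single name appearing across many
    unrelated directories is a strong (though not conclusive) signal."""
    dirs_by_name: Dict[str, Set[str]] = defaultdict(set)
    for p in paths:
        directory, name = os.path.split(p)
        dirs_by_name[name].add(directory)
    return sorted(n for n, ds in dirs_by_name.items() if len(ds) >= min_dirs)


def suspicious_extensions(
    paths: Iterable[str], known_exts: Set[str], min_share: float = 0.5
) -> Dict[str, str]:
    """For each directory, report an extension that is not in the known
    baseline and accounts for at least min_share of the files there. Mass
    renaming after encryption typically produces exactly this shape."""
    exts_by_dir: Dict[str, List[str]] = defaultdict(list)
    for p in paths:
        directory, name = os.path.split(p)
        exts_by_dir[directory].append(os.path.splitext(name)[1].lower())
    findings: Dict[str, str] = {}
    for directory, exts in exts_by_dir.items():
        for ext, count in Counter(exts).items():
            if ext and ext not in known_exts and count / len(exts) >= min_share:
                findings[directory] = ext
    return findings


def assess(paths: Iterable[str], known_exts: Set[str]) -> Dict[str, object]:
    """Run both heuristics and return a single report for the responder."""
    path_list = list(paths)
    return {
        "ransom_note_candidates": note_candidates(path_list),
        "directories_with_unknown_extension": suspicious_extensions(path_list, known_exts),
    }


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; on a real host the path
    # list would come from walking the share with os.walk().
    report = assess(SAMPLE_PATHS, KNOWN_EXTS)
    print("Possible ransom notes:", report["ransom_note_candidates"])
    for d, ext in report["directories_with_unknown_extension"].items():
        print(f"{d}: majority of files carry unknown extension {ext}")
```

Both checks are deliberately cheap so they can run from a file-integrity job or an EDR script on every share; the note heuristic needs no knowledge of the group's specific note name, and the extension heuristic only needs a baseline of what normally lives on the share. Tune `min_dirs` and `min_share` to the environment, since build trees and template folders can legitimately repeat a file name across many directories.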
