Exclusive: BlackSuit ransomware gang claims hack on Octapharma Plasma | #ransomware | #cybercrime

Exclusive: BlackSuit ransomware gang claims hack on Octapharma Plasma

Donor details, lab data, passports, and personal information have all been allegedly compromised in the US Octapharma hack.

The BlackSuit ransomware gang has ended days of speculation and finally taken responsibility for a damaging cyber attack on US pharmaceutical company Octapharma Plasma.

The ransomware gang posted details of the hack on its darknet leak site overnight.

BlackSuit has not shared any documents by way of proof but is claiming to have significantly sensitive data.

“What kind of data was taken from Octapharma Plasma network,” the leak site post said before providing a list of allegedly exfiltrated data, shared below:

  • Data of donors (ssn, dob, address)
  • Dead donors’ data (ssn, dob, address)
  • Data of donor centres
  • Laboratory data
  • Financial data (audits, reports, payments, contracts, etc.)
  • Employee data (passports, contracts, contacts, family details, medical examinations, etc.)
  • Business data (contracts, contacts, planning, presentations, etc.)
  • Other data taken from shares and personal folders

That includes Social Security numbers of both living and dead donors, address details, and date of birth. Lab data is also included, as is data from individual donation centres, as well as passports belonging to Octapharma staff.

Employee medical examination details are also allegedly part of the data stolen in the attack.

Octapharma Plasma first warned of an incident impacting its more than 100 donor centres last week on 19 April, saying on its website: “All centres are experiencing network issues and are currently closed. Further updates on reopening will be sent via email, social media, OctaApp, and our website.”

That notice has since been replaced with a new banner.

“IMPORTANT ANNOUNCEMENT: Select centres will be opening with modified hours,” the new notice read. “Stay tuned for a list of locations and times via OctaApp and email.”

There is currently no notice of any cyber incident on the Octapharma Plasma website.

At the time, however, a source close to the matter had told the media the incident was not due to a network issue but rather a cyber security incident. The source also suggested that BlackSuit was the culprit, but they were unaware if Octapharma had yet received any ransom demand.

The company likely has now.

Octapharma Plasma is the US arm of Swiss pharmaceutical company Octapharma and operates a cash-for-plasma donation scheme to supply plasma that goes into a range of therapeutic products.

“In the USA, Octapharma Plasma, Inc collects, tests, and supplies human blood plasma for manufacture into life-saving therapies. Octapharma Plasma, Inc operates more than 190 donation centres in 35 states,” Octopharma’s global website said.

Octapharma itself is “one of the largest human protein manufacturers in the world, developing and producing human proteins from human plasma and human cell lines”.

Cyber Daily has reached out to Octapharma Plasma for comment.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Source link


National Cyber Security