The Qilin ransomware gang has claimed responsibility for an August ransomware attack on the big pharma research conglomerate Inotiv – the same research corporation fined $35 million by the US Justice Department in 2024 for egregious animal welfare violations. Finally, a ransomware attack to get behind.
-
The Qilin ransomware gang has claimed responsibility for a major cyberattack on pharma research corporation Inotiv.
-
Hackers say they stole 176 GB of sensitive company and employee data, disrupting operations across multiple sites.
-
The breach comes just months after Inotiv was fined $35 million by the US government for severe animal welfare violations.
Inotiv said it first became aware of “a cybersecurity incident affecting certain of its systems and data” on August 8th, filing a breach notification with the US Securities and Exchange Commission (SEC) on Monday.
The Indiana-based research company said its attackers had not only gained unauthorized access, but were able to encrypt some of its IT systems, causing disruptions to business operations.
The malicious intrusion has “temporarily impacted the availability of and access to certain Company’s networks and systems, including access to portions of internal data storage and internal business applications,” the SEC notice stated.
Although Inotiv said it has taken the affected systems offline to mitigate damage and reduce business interruptions, the company is unable to provide a restoration date.
The leading global research and development conglomerate has over 22 locations across North America and Europe, roughly 2000 employees, and an annual revenue of $490 million as of 2024, the company website states.
In what many may consider just desserts after its animal cruelty conviction (more on that below), Inotiv said it has brought in outside cybersecurity experts and law enforcement to help with the ongoing investigation.
Qilin gang takes claim
The Qilin ransomware group claimed responsibility for the massive attack, posting Inotiv on its dark leak site on
on August 11th.
The gang alleges it has stolen 176 GB of data (161,967 files) from Inotiv’s networks, additionally providing a sample of nine documents in the post.
Cybernews was able to view the purported samples, which showed financial documents, lab reports, research contracts, study agreements, purchasing orders, and vendor assessments, some dating back to 2018.
One of the samples listed employee names, the departments they worked for, and copies of their handwritten signatures.
Ensar Seker, CISO at cybersecurity threat intelligence company SOCRadar said the attack is a stark reminder of how devastating disruptions can be to organizations deeply embedded in critical research and development.
“A contract research organization like Inotiv supports pharmaceutical innovation with high volumes of sensitive data, so it’s no surprise the Qilin gang targeted them,” the CISO explained.
“Encrypting key internal systems and exfiltrating 176 GB of proprietary research data puts both operational continuity and intellectual property at grave risk, and the switch to offline workarounds underscores the severity of the disruption,” Seker said.
The ransomware group did not post a ransom deadline or say when it might publish the files if the pharmaceutical company chooses not to pay up.
Seker noted that in environments that handle valuable research or regulated data, defenses must extend beyond detection. “They must include rapid containment, strong backup strategies, and threat intelligence sharing that can anticipate when adversaries are likely to strike,” he said.
4,000 beagles used for testing
With a focus on bringing new drugs and medical devices through clinical research and development, Inotiv was at the center of an animal welfare investigation launched by the Humane Society in 2022 involving one of its subsidiaries, Envigo.
Envigo, an animal testing and breeding company, was found guilty of violating the welfare of thousands of Beagles housed at its Virginia facility after the Humane Society of the United States came down on the company, gathering evidence of its inhumane practices.
The investigation, also supported by many anti-animal testing advocates and community groups, culminated in a $35 million fine imposed on Inotiv by the US Justice Department (DoJ) last June.
“Inotiv will pay the largest Animal Welfare Act fine in history because of violations that occurred at a breeding facility owned by its subsidiary, Envigo, where our team removed more than 4,000 beagles during the summer of 2022!” the Humane Society posted on social media in 2024.
The Humane Society said during the investigation, nearly 450 dogs and puppies were removed from the facility in “acute distress, overcrowded, and freezing conditions.”
“Government inspectors also found that beagles there were being killed instead of receiving veterinary care for easily treated conditions; nursing mother beagles were being denied food; and the food that they did receive contained maggots, mold, and feces,” the Beagle advocates said in a press release at the time.
The financial penalties included a $22 million criminal fine for conspiring to knowingly violate the Animal Welfare Act and Clean Water Act, at least three years of probation, and long-term government oversight, the DoJ said.
Initially founded in 1974 as Bioanalytical Systems, Inotiv merged in 2018 with Seventh Wave and acquired Envigo in 2021, the website states.
Envigo has over 1,200 employees and operates in more than 20 locations across North America and Europe.
Besides Envigo,
Inotiv has acquired multiple companies in recent years, including HistoTox Labs, Bolder BioPATH, Integrated Laboratory Systems, and Orient BioResource Center.
Who is the Qilin gang?
Notorious for targeting hospitals and the manufacturing sector, the lesser-known Qilin gang first appeared on the ransomware circuit in 2022, although its dark leak site claims it began operating in 2021.
Acting as a ransomware-as-a-service (RaaS) model, the cybercriminal outfit often uses double extortion tactics on its victims, demanding a ransom for decryption and then a second ransom to guarantee the stolen files will not be leaked on the dark web at a later date.
With 78 victims listed over the past four weeks, Qilin is considered the second most active ransomware cartel in the last 12 months, claiming a whopping 482 victims, according to the Cybernews Ransomlooker tool.
Past victims include global energy and manufacturing giant SK Group, US newspaper conglomerate Lee Enterprises, the Houston Symphony, Detroit’s PBS TV station, top North American auto parts suppliers Yanfeng, and the prestigious Utsunomiya cancer treatment center in Japan.
”>
