Inotiv, a pharmaceutical firm, was hit with a ransomware attack. The organization became aware of the incident on August 8, 2025, and filed a report with the SEC on August 18, 2025.
According to the filing, the organization has experienced disruptions to business operations as a result of this event, and it anticipates more disruptions to come. As of now, certain networks and systems remain inaccessible.
“This ransomware attack on Inotiv is a stark reminder of how devastating disruptions can be to organizations deeply embedded in critical research and development,” says Ensar Seker, CISO SOCRadar. “A contract research organization like Inotiv supports pharmaceutical innovation with high volumes of sensitive data, so it’s no surprise the Qilin gang targeted them. Encrypting key internal systems and exfiltrating 176 GB of proprietary research data puts both operational continuity and intellectual property at grave risk, and the switch to offline workarounds underscores the severity of the disruption.”
An investigation done by the company has revealed that the malicious actors accessed and encrypted certain systems. Currently, the organization has worked to contain, examine, and remediate the incident, including engaging law enforcement and external cybersecurity specialists.
“Organizations across sectors should heed this as a cautionary tale. It highlights the importance of robust incident response planning, including standby offline capabilities, and stringent controls over who can access sensitive systems. In environments handling valuable research or regulated data, defenses must extend beyond detection. They must include rapid containment, strong backup strategies, and threat intelligence sharing that can anticipate when adversaries are likely to strike.”
