ExecuPharm, Subsidiary of US Biopharmaceutical Giant Parexel, Hit by Ransomware Attack

April 29, 2020

ExecuPharm, a subsidiary of the U.S. Biopharmaceutical giant Parexel, has been hit by a ransomware attack according to a recent announcement made by the company.

In a letter sent to the Office of The Vermont Attorney General, the company explains that on March 13, 2020, “a data security incident that compromised select corporate and personal information” happened after “unknown individual encrypted ExecuPharm servers and sought a ransom in exchange for decryption.”

As part of the incident, ExecuPharm employees received phishing emails from the unknown individuals. Upon a thorough investigation, noted the company, Execupharm determined that the individuals behind the encryption and the sending of the emails may have accessed and/or shared select personal information relating to ExecuPharm personnel, as well as personal information relating to select personnel of Parexel, whose information was stored on ExecuPharm's data network.

Information which may have been exposed includes: social security numbers, taxpayer ID/EIN, driver's license numbers, passport numbers, bank account numbers, credit card numbers, national insurance numbers, national ID numbers, IBAN/SWIFT numbers and beneficiary information.

The company said it notified federal and local law enforcement authorities in the US and retained third-party cybersecurity firms to investigate the incident further.

According to the company, they have rebuilt the impacted servers from backup servers ad have fully restored and secured the ExecuPharm systems.

Joseph Carson, chief security scientist and Advisory CISO at Thycotic, “Ransomware will continue to be one of the most destructive threats to many organizations for the foreseeable future, making it the most likely type of attack most companies will face. ExecuPharm has fallen victim to the CLOP ransomware group which uses the technique to steal and encrypt sensitive data. Even if the victim is able to restore the data from a backup, the adversary threatens to publicly leak the stolen data which can result in both brand and financial damage. Unfortunately for ExecuPharm, the attackers have started releasing personal data on employees which includes some very sensitive data that could be used to steal identities or cause financial fraud."

At this time, it is not known which approach ExecuPharm will take, how many of their services are unavailable or whether they have a planned and tested incident response plan, says Carson. "Companies need to change their approach to ransomware rather than trying to recover after an incident, especially during these chaotic times with many employees working from remotely leaving more companies are now at risk. The best approach to reduce the risk is for companies to take the principle of least privilege approach which effectively stops most ransomware. Controlling and securing privileged access, as well applying the principle of least privilege, is an effective measure at reducing the risks from ransomware attacks," he adds.

Charles Ragland, security engineer at Digital Shadows, says, “The key thing that everyone should be doing is sharing information. Maintaining and sharing solid threat intelligence around actors and tools that frequently target the healthcare sector is one of the best things we can do to help. By providing this content, security professionals responsible for protecting healthcare networks can make informed decisions and ensure that infrastructure remains available for the patient care providers that need it.”

Jack Mannino, CEO at nVisium, notes that “Phishing attacks will always be successful over time regardless of how much awareness training we promote, where greater than zero clicks wins. Once an attacker gets in, your security posture and hygiene are what matter most. Controls like multi-factor authentication (MFA) can make it much more difficult to use stolen credentials for VPN access. There is no such thing as perfect security, but we need to make it as hard as possible for attackers.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

ExecuPharm, Subsidiary of US Biopharmaceutical Giant Parexel, Hit by Ransomware Attack

Related Articles

Report Abusive Comment