Cipla Reportedly Hacked by Akira Ransomware Group, 70GB of Sensitive Data Allegedly Stolen

Cipla, one of India's leading pharmaceutical companies, has reportedly been targeted by the Akira ransomware group in a cyberattack that allegedly resulted in the exfiltration of 70GB of sensitive data. The breach, initially reported by Cybersecurity News, has sparked concerns about data security and patient privacy in the healthcare sector.

The Akira ransomware group claims to have stolen a range of critical information from Cipla, including personal medical records detailing prescribed medications, internal financial data, customer contact information such as phone numbers and email addresses, and employee contact details. With a global footprint of 47 manufacturing facilities and operations spanning 86 countries, Cipla represents a high-value target for cybercriminals.

Akira publicized the alleged breach on its dark web portal, asserting that it managed to siphon off the vast trove of data. Cipla has not yet issued a public statement confirming the breach or addressing the claims made by the ransomware group.

Akira’s Growing Threat

The Akira ransomware group, which first surfaced in early 2023, has rapidly grown into a significant cyber threat, targeting over 350 organizations to date. The group employs advanced tactics, including the ChaCha2008 encryption algorithm and exploiting VPN vulnerabilities.

Their modus operandi typically involves a double extortion strategy, encrypting victims' files while exfiltrating data. This approach enables the group to pressure organizations into paying ransoms by threatening both data loss and public exposure of sensitive information.

Just last month, Akira executed its largest data dump to date, leaking information from 35 organizations in a single day, signaling an escalation in its activities.

Queries seeking comment from Cipla remained unanswered.

If confirmed, the Cipla breach would align with Akira’s established modus operandi. The potential exposure of personal medical records, alongside internal corporate data, could have far-reaching implications for Cipla, its employees, and its customers. The incident also underscores the vulnerabilities within the pharmaceutical industry, which holds sensitive and high-stakes data critical to both patient care and supply chain operations.

Cybersecurity experts have emphasized the need for organizations to strengthen their defenses against ransomware attacks. Recommendations include conducting regular security audits, enhancing employee awareness through training, and implementing advanced endpoint protection technologies.

As the threat landscape continues to evolve, with ransomware groups like Akira targeting critical industries, incidents such as this serve as a stark reminder of the importance of proactive cybersecurity measures. For Cipla and other organizations in the healthcare sector, the stakes could not be higher.