Extortion group claims cyberattack on pharmaceutical giant IPCA Laboratories

IPCA Laboratories, one of the biggest pharmaceutical companies in India, has been hit by a cybercrime and extortion group that claims to have stolen 500 gigabytes of data from its systems.

Nandakishore Harikumar, founder and CEO of cybersecurity firm Technisanct, told TechCrunch that it appears the cybercrime group known as RansomHouse accessed IPCA Laboratories' infrastructure.

"I think ransom negotiation is happening at the moment," said Harikumar.

Portions of the company's data was published on RansomHouse's leak site on the dark web — seen by TechCrunch — which claims to include employee records and sensitive material related to medical research.

The stolen data also appears to include information about former company employees and internal audit reports.

The Mumbai-headquartered pharmaceutical company manufactures more than 350 formulations and 80 active pharmaceutical ingredients used for making medications, and has partnerships with organizations in over 120 countries across the world. IPCA also holds approvals from drug regulatory authorities including the United Kingdom, the European Union and the World Health Organization, among others, per the company's website.

IPCA did not respond to multiple requests for comment sent prior to publication. Emails to the company's compliance officer Harish P. Kamath went unreturned at press time. TechCrunch also contacted IPCA's chief information officer Ashok Nayak over LinkedIn. While our messages were opened, Nayak did not respond.

It's not known if a ransom demand has been made. RansomHouse first emerged in December 2021 and bills itself as a "professional mediators community," but ultimately has the same objective of extorting money from companies to avoid the publication of their private data.

Chipmaker AMD and Africa's largest retailer Shoprite are among the recent victims of the group.

A recent report by Singapore-based cybersecurity firm CloudSEK said India recorded the second highest number of attacks on healthcare systems globally in 2021, while the U.S. was the most affected country.

"Most of our Indian healthcare and pharmaceutical companies don't even have basic cybersecurity practices in place. Many of them depend on government insights to fight cyberattacks," said Harikumar, the founder of the security firm. "They need to adopt aggressive practices like bug bounty and implementing strategies along with small or large tools and practical solutions in countering these attacks."