Pharmaceutical distributor AmerisourceBergen has confirmed that hackers compromised the computer system of one of its subsidiaries after threat actors began leaking allegedly stolen data.

AmerisourceBergen is a pharmaceutical distributor, medical affairs consultant and patient service provider. The company is a giant in the healthcare industry, employing 42,000 people and operating multiple fulfillment centers in the US, Canada and the UK, with 150 offices worldwide.

As first reported by security researcher Dominique Alvieri, the Lorenz ransomware gang has ended a long period of silence by listing AmerisourceBergen and its allegedly stolen data on its extortion site.

AmerisourceBergen confirmed the attack to BleepingComputer, saying the intrusion was contained and they are investigating whether the incident resulted in the compromise of sensitive data.

AmerisourceBergen’s full statement is shared below:

“AmerisourceBergen’s internal investigation quickly identified that a subsidiary’s computer system was compromised. We immediately engaged the appropriate teams to limit the intrusion, contain the disruption and take precautionary measures to ensure that all systems were and are now free of any intrusion.

“This was an isolated incident and we are investigating to determine if any sensitive data was compromised. We take our responsibility to protect data very seriously and continue to secure and harden our networks to prevent any future issues.” – AmerisourceBergen

The Lorenz ransomware group released all of the allegedly stolen files belonging to AmerisourceBergen and MWI Animal Health, presumably the subsidiary that was hacked.

The threat actors set the release date as November 1, 2022, even though the files were released just now, which could indicate that the breach happened a few months ago.

AmerisourceBergen listed on Lorenz (BleepingComputer)

It is important to note that although the leaked files appear authentic, AmerisourceBergen has not yet confirmed that these files were stolen from its networks.

Lorenz ransomware operators have recently been observed exploiting critical flaws in Mitel telephone systems to gain access to corporate networks. The threat actors then keep a low profile for several months until they are ready to use the deployed backdoor for data exfiltration and file encryption.

Although Lorenz is not the most prolific threat group in the ransomware space, its attacks have a major impact as they target large enterprises.

A notable example from last year was an attack on the multinational defense contractor Hensoldt, which resulted in the exfiltration of internal documents.




