Pharmaceutical company Eisai has revealed that it suffered a ransomware incident that impacted its operations, admitting attackers encrypted some of its servers.
Eisai is a Tokyo-based pharmaceutical company with annual sales of $5.3 billion and over 10,000 employees. The company has nine manufacturing units and fifteen medical research units in Japan, the United Kingdom, North Carolina and Massachusetts.
The company develops and produces drugs for various forms of cancer and the treatment of chemotherapy side effects, as well as drugs for seizures, neuropathy and dementia.
A weekend ransomware attack
In a notification posted on its website, Eisai revealed that it suffered a ransomware attack over the weekend, a typical time for attackers to deploy encryptors as IT teams are understaffed and unable to respond effectively to the rapidly changing situation.
“A ransomware incident that encrypted some of Eisai Group’s servers was detected late on Saturday night, June 3, Japan time,” read the note.
“We immediately implemented our incident response plan and launched an investigation with the help of our cybersecurity partners. [and] a company-wide task force has been convened to work quickly on response procedures.”
The company took many of its computer systems offline to contain the damage and prevent the locker from spreading to other parts of the hacked corporate network.
Eisai says several of its systems, inside and outside Japan, including logistics systems, had to be taken offline and remain out of service until investigations were completed.
However, corporate websites and email communications remain functional.
The company quickly reported the incident to law enforcement authorities and brought in outside cybersecurity professionals to expedite recovery.
Eisai said the possibility of data leakage is being investigated; therefore, there remains a potential risk.
Similarly, the impact of this cyberattack on the company’s consolidated earnings forecast for the current fiscal year is unclear.
None of the major ransomware groups have yet taken responsibility for the cyberattack on their extortion sites, so the perpetrators are unknown.
Eisai had been the victim of another cyberattack in December 2021 by a now gone ransomware group named “AtomSilo”.
Although AtomSilo’s extortion portal is no longer online, the data leaked by the threat group included multiple MDF and LDF database dumps that it allegedly stole from Eisai’s network.