
ExecuPharm Ransomware Attack

Ali Azhar
Last Updated May 15, 2022 10:41 am

On March 13, 2002, a ransomware attack encrypted and stole corporate and employee data of ExecuPharm, a large U.S. pharmaceutical firm and a subsidiary of the pharmaceutical giant Parexel.

What Is ExecuPharm Ransomware?

The employees of ExecuPharm were targeted through phishing emails, and the stolen data included Social Security numbers (SSNs), passport numbers, driver’s license numbers, financial information, and other sensitive employee data.

The ExecuPharm ransomware was not used solely to encrypt employee data; the data was also exfiltrated so the attackers could threaten the company with public distribution if ransom demands were not met.

Origins of the ExecuPharm Ransomware Attack

Initial findings in the ExecuPharm investigation point to the Clop ransomware group as the hackers behind the ransomware attack. The Clop ransomware group participates in the increasingly common ransomware-as-a-service (RaaS) technique that is most frequently used by hackers in Russia and Eastern Europe.

Using this technique, the Clop group offers its hacking tools to hired hackers, who use them to infiltrate the targeted victims’ servers. As a reward for successful hacks, the hackers are given a share of the ransom received. According to Trend Micro, the Clop group received more than $500 million in ransom payments as of November 2021.

What Was the Impact and Aftermath of the ExecuPharm Ransomware Attack?

ExecuPharm has over 5,000 employees, but it is not clear how many of these employees were directly affected by the ransomware attack. The stolen data included sensitive information such as bank account numbers, credit card numbers, and more.

The ransom demand of the ExecuPharm ransomware attack is not known, but according to some sources, the hackers published the stolen data from ExecuPharm, which means the hackers and the victim organization might not have reached an agreement.

The stolen ExecuPharm data was released on a dark web site associated with the Clop group, and there is no known decryption tool to recover data encrypted in the ExecuPharm ransomware attack.

Prevention of ExecuPharm Ransomware Attacks

Although it’s difficult to recover after an attack like this occurs, organizations can make themselves less vulnerable to ransomware attacks by adhering to some of the following recommendations:
