fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Leading Cosmetics Group Pierre Fabre Hit With $25 Million Ransomware Attack

Leading Cosmetics Group Pierre Fabre Hit With $25 Million Ransomware Attack

Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today.

Pierre Fabre is the second largest pharmaceutical group in France and the second largest dermo-cosmetics laboratory globally. With over 10,000 worldwide, Pierre Fabre developers a wide variety of products ranging from chemotherapy drugs to skincare products.

Last week, Pierre Fabre announced that they had suffered a cyberattack on March 31st that they brought under control in less than 24 hours.

However, to contain the spread, Pierre Fabre states that they had to perform a gradual and temporary halt to most production activities.

“As a precaution, and in line with its risk management plan, the Group’s information system was immediately put into standby mode to curb the spread of the virus.”

“This led to the gradual, temporary stoppage of most production activities (except for the production facility in Gaillac (in the Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products),” disclosed Pierre Fabre.

At the time, Pierre Fabre did not reveal what type of cyberattack they suffered.

Pierre Fabre hit by REvil ransomware attack

Since then, BleepingComputer has confirmed that Pierre Fabre suffered a ransomware attack by a hacking group known as REvil/Sodinokibi.

REvil is a ransomware-as-a-service operation, where the core malware developers recruit affiliates to compromise corporate networks, steal unencrypted data, and then encrypt devices. If a ransom payment is made, the core developers and the affiliate split the payment in an agreed-upon revenue share, with the affiliates usually getting the larger share.

While we still do not have many details regarding the attack, BleepingComputer was recently sent a link for a REvil Tor payment page allegedly from the Pierre Fabre ransomware attack.

This Tor payment page shows the ransomware gang demanding a $25 million ransom. As there has been no contact by the victim, and the time limit expired, the REvil ransom has doubled to $50 million.

Also Read: 3 Reasons Why You Must Take A PDPA Singapore Course

Pierre Fabre ransom demand from the REvil gang
Pierre Fabre ransom demand from the REvil gang
Source: BleepingComputer

While the payment page does not indicate who the victim is, the sites’s chat screen shows a message from the threat actors stating that they are about to Pierre Fabre’s data. This message is too further scare the company into paying a ransom.

REvil chat screen with a link to a hidden Pierre Fabre data leak page
REvil chat screen with a link to a hidden Pierre Fabre data leak page
Source: BleepingComputer

This link leads to a currently hidden REvil data leak page for Pierre Fabre, which contains images of allegedly stolen passports, a company contact list, government identification cards, and immigration documents.

Hidden REvil data leak page for Pierre Fabre
Hidden REvil data leak page for Pierre Fabre
Source: BleepingComputer

REvil has been going on a cyberattack spree over the past month where they have been attacking large companies and demanding ridiculously high ransom demands. These attacks include Acer with a $50 million demand and Asteelflash with a $24 million demand.

Also Read: What You Should Know About The Data Protection Obligation Singapore

BleepingComputer has reached out to Pierre Fabre multiple times, and our emails have bounced back. We have also contacted them via their online contact form and have never received a response.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us