Ransomware attackers target Japanese pharmaceutical company Eisai

Japanese pharmaceutical company Eisai revealed that it became aware of a ransomware incident that encrypted some of the group’s servers. The company did not specify the nature of the affected systems or the number of affected systems, though it did say that it is expected to take some time to gauge the full extent of the incident. It remains unclear whether its production facilities have been taken down as well.

“Certain systems both in and outside of Japan, including logistics systems, have been taken offline as a result of the incident and our ongoing response process,” according to a company statement issued Tuesday. “Our corporate websites and email systems are operational at this time. The possibility of data leakage is currently under investigation.”

The ransomware incident that encrypted some of Eisai Group’s servers was detected late night on Saturday, June 3, Japan time, the statement disclosed. “We immediately implemented our incident response plan and launched an investigation with the aid of our cybersecurity partners. A company-wide task force was convened to rapidly work on response procedures.”

Currently, Eisai Group is working closely with external experts and law enforcement in an effort to protect its systems and to make a successful recovery, the statement revealed. “We will continue to work to minimize any inconvenience to our partners and stakeholders.”

In response to the ransomware attack, Eisai Group immediately established a company-wide task force and is working on recovery efforts with the advice of external experts and undertaking measures to understand the scope of the incident. Additionally, Eisai Group has consulted with law enforcement.

“We deeply apologize for any inconvenience and worry this may have caused to our partners and stakeholders,” the Eisai Group statement added.

The statement also said that any potential impact of this incident on the consolidated earnings forecast of this fiscal year is currently under careful examination. “If determined that revisions are necessary, an announcement will be made as soon as possible,” it added. 

As of now, ‘none of the major ransomware groups have taken responsibility for the cyberattack on their extortion sites yet, so the perpetrators are unknown.’

Headquartered in Tokyo, Eisai is involved in the research and development, manufacture, sale and import and export of pharmaceuticals. It has about six production plants located in Japan, the U.K., China and India, with laboratories located in Japan, the U.S., and the U.K. The company is focused on creating and delivering products to target diseases with high unmet medical needs, with a particular focus in its strategic areas of neurology and oncology.

The impact of cyberattacks on pharmaceutical organizations includes lack of availability of critical systems and business disruptions that may halt research and development (R&D) and drug production, and loss of data including intellectual property (IP), clinical trial data, and patient data. Cyberattacks can also influence loss of market position, and bring about financial losses caused by lost revenue and additional costs of lawsuits, regulatory non-compliance and potentially hefty fines, loss of consumer trust, and reduced shareholder value.

Last month, Cisco Talos researchers said that they had discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The team assesses with high confidence that RA Group is leveraging leaked Babuk ransomware source code and is ‘swiftly expanding’ its operations. The group is said to have to date compromised three organizations in the U.S. and one in South Korea across several business verticals, including manufacturing, wealth management, insurance providers, and pharmaceuticals.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.