Over three weeks after being hit by an information technology (IT) security breach, drugmaker Sun Pharmaceutical Industries said its business operations have been impacted following the incident and efforts to contain and redress the situation. It also said that revenues would be reduced in some businesses as a result.

A ransomware group has claimed responsibility for the incident, Sun Pharma disclosed to the stock exchanges, without divulging the name of the group or outlining the quantum of impact. This is the third high-profile cyber-security linked incident on a large Indian drugmaker in about three years. In late 2020, Dr. Reddy’s Laboratories and Lupin reported cyber-security breaches. Last year, the All India Institute of Medical Sciences was also hit by a ransomware attack.

While no information has been shared on the region from where the online attack was possibly launched or the precise data that may have been breached, Sun Pharma said the incident’s effect “includes a breach of certain file systems and the theft of certain company data and personal data.”

Reduced revenue

As part of containment measures, Sun said, it had “proactively” isolated its network and initiated the recovery process. “As a result of these measures, Company’s business operations have been impacted.

Also read: Number of records exposed in cyber attacks in 2022 sees a dip

Consequently, revenues are expected to be reduced in some of our businesses,” it added.

“The Company would incur expenses in connection with the incident and the remediation. The Company is currently unable to determine other potential adverse impacts of the incident, including but not limited to additional information security incidents, increased costs to maintain insurance coverage, the diversion of management and employee time or the possibility of litigation,” Sun Pharma said.

In the loop

A media channel named ransomware group ALPHV as the alleged actor behind the attack, and threatening more damage. This has not been confirmed from any other quarter. Ransomware groups hold an organisation’s data for ransom, seeking a payment, for instance, to withdraw its threat and give the organisation access to its own data.

D. Sivanandan, former Maharashtra Director General of Police (DGP) and former Commissioner of Police (Mumbai) told businessline, that local law enforcement authorities need to be in the loop at the earliest. Companies have to step up their defense to prevent data from being contaminated or frozen for ransom, he said, because “once a company becomes a victim, it becomes difficult for (the) cops to identify the international criminal and later follow it up with MLAT process (Mutual Legal Assistance Treaty),” which would involve the Ministry of External Affairs having to get in touch with authorities in the country from where the attack had been launched.

According to IBM Security’s annual X-Force Threat Intelligence Index report (2023), ransomware attacks persisted, despite better detection. Besides, it added, Asia saw more cyberattacks than any other region, accounting for nearly one-third of all attacks that X-Force responded to in 2022. “Manufacturing accounted for nearly half of all cases observed in Asia last year,” the report said.