Pharmaceutical Company Inotiv Confirms Ransomware Attack

Threat Score:
79
5 articles
100.0% similarity
1 day ago

Article Timeline

5 articles
Click to navigate
Aug 19
Aug 19
Aug 20
Aug 20
Aug 20
Oldest
Latest

Key Insights

1
Pharmaceutical company Inotiv confirmed a ransomware attack on August 8, 2025, resulting in the encryption of certain systems and data, which disrupted business operations.
2
The Qilin ransomware gang claimed responsibility for the attack, alleging they stole around 162,000 files totaling 176GB of data, which they have begun to publish on their leak site.
3
Inotiv's SEC filing indicated that the incident has caused ongoing disruptions, with the company expecting adverse effects to persist for an extended period.
4
Inotiv has engaged external security experts and notified law enforcement to assist in the investigation and containment of the breach.
5
The company's revenue exceeds $500 million annually, and it employs around 2,000 specialists, indicating the substantial impact this incident may have on its operations.
6
Inotiv's operations include drug development and safety assessment, making the breach a significant concern for stakeholders in the pharmaceutical industry.

Threat Overview

On August 8, 2025, Inotiv, an Indiana-based pharmaceutical company, suffered a significant ransomware attack that compromised and encrypted several of its internal systems. In a filing to the U.S. Securities and Exchange Commission (SEC), Inotiv reported that the incident disrupted its business operations, leading to ongoing adverse effects. The Qilin ransomware group claimed responsibility, asserting that they had stolen approximately 162,000 files, amounting to 176GB of data, which they have begun posting on their leak site. Inotiv stated, "On August 8, 2025, Inotiv, Inc. became aware of a cybersecurity incident affecting certain of its systems and data." The company has initiated containment and remediation efforts with the assistance of external cybersecurity experts and has reported the incident to law enforcement authorities.

Tactics, Techniques & Procedures (TTPs)

T1566
Phishing - Initial access likely gained through phishing emails targeting Inotiv employees [1][2]
T1486
Data Encrypted for Impact - Attackers encrypted critical systems and data to disrupt business operations [3][4]
T1071
Application Layer Protocol - Use of application layer protocols to exfiltrate stolen data [2][3]
T1203
Exploitation for Client Execution - Exploitation of application vulnerabilities to execute malicious payloads [1][4]
T1059
Command and Scripting Interpreter - Ransomware deployed via script execution on compromised systems [3][5]
T1057
Process Discovery - Attackers performed process discovery to identify key systems for encryption [2][4]
T1105
Ingress Tool Transfer - Post-exploitation tools deployed for further reconnaissance and data exfiltration [5]

Timeline of Events

2025-08-08
Inotiv discovers ransomware attack impacting internal systems and data [1][2]
2025-08-08
Qilin ransomware gang claims responsibility, stating they have stolen 162,000 files [3][4]
2025-08-09
Inotiv initiates incident response plan and engages external cybersecurity experts [2][5]
2025-08-10
Inotiv notifies law enforcement about the cyberattack [4]
2025-08-11
Qilin publishes data samples on their leak site, increasing pressure on Inotiv [3][4]
2025-08-12
Inotiv files a report with the SEC detailing the impact of the attack on operations [1][2]

Source Citations

expert_quotes: {'Inotiv SEC filing': 'Article 1', 'Bill Toulas on ransomware impact': 'Article 2', 'Cybersecurity expert on preparedness': 'Article 4'}
primary_findings: {'Impact details': 'Articles 2, 4', 'Data theft claims': 'Articles 2, 3', 'Ransomware attack confirmation': 'Articles 1, 3'}
technical_details: {'Attack methods': 'Articles 1, 2, 5', 'Ransomware tactics': 'Articles 3, 4'}
Powered by ThreatCluster AI
Generated 5 hours ago
Recent Analysis
AI analysis may contain inaccuracies

Related Articles

5 articles
2

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

Security Affairs 13 hours ago

Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing. U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations. Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO). It provides nonclinical and analytical drug discovery and development […]

Score
77
100.0% similarity
Read more
3

Pharmaceutical Company Inotiv Confirms Ransomware Attack

Databreaches 7 hours ago

Ionut Arghire reports: Pharmaceutical company Inotiv has notified the US Securities and Exchange Commission (SEC) that its business operations took a hit after hackers compromised and encrypted its internal systems. The incident, the organization said in a Form 8-K filing, occurred on August 8, and prompted Inotiv to initiate containment and remediation processes. “The company’s preliminary... Source

Score
77
100.0% similarity
Read more
5
Pharma firm Inotiv says ransomware attack impacted operations

Pharma firm Inotiv says ransomware attack impacted operations

BleepingComputer 1 day ago

Pharma firm Inotiv says ransomware attack impacted operations Bill Toulas August 19, 2025 10:25 AM 0 American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. In a filing to the U.S. Securities and Exchange Commission (SEC), Inotiv says that the cyberattack occurred on August 8 and took action to contain the breach. “On August 8, 2025, Inotiv, Inc. became aware of a cybersecurity

Score
56
97.0% similarity
Read more