HQ/EMEAFind out how we can help your business
Drug distributor AmerisourceBergen confirmed that a group of malicious actors had infiltrated one of its subsidiaries’ IT systems, exposing critical information.
This affected company is a medical business consultant, patient service provider, and pharmaceutical product distributor. In addition, it is also one of the world’s biggest healthcare industries, which is home to more than 40,000 workers.
The company currently operates in multiple counties, such as the United States, Canada, and the United Kingdom, and has about 150 offices globally.
The dormant Lorenz ransomware group suddenly claimed that attack against AmerisourceBergen.
According to a researcher, the Lorenz ransomware gang has ended its hiatus in the cybercriminal landscape by listing the allegedly stolen data from AmerisourceBergen on their data leak web page.
On the other hand, the pharmaceutical company confirmed the attack against their system but clarified that it contained the security breach. Furthermore, AmerisourceBergen stated that they are investigating whether the incident has compromised their sensitive data.
Unfortunately, the ransomware group has already posted all the alleged stolen files from AmerisourceBergen and its subsidiary, MWI Animal Health.
However, the Lorenz ransomware operators set the post data of the exposed data to November 1, 2022, even though they published the archives earlier this week. This detail implies that the security incident could have occurred more than two months ago.
As of now, AmerisourceBergen has confirmed that they suffered a malicious intrusion, but they have not assured that the leaked files came from their networks.
Some researchers noticed that the Lorenz ransomware group uses critical vulnerabilities in Mitel telephony systems to acquire initial access to corporate networks. Subsequently, the group becomes dormant for several months until they are ready to use their backdoor for exfiltrating data and encrypting files.
This malicious ransomware group is not one of the most prolific gangs today; however, its attacks still have a massive impact since they have targeted big-time companies.
AmerisourceBergen will continue investigating and reviewing the cases if the group has successfully obtained critical data that could affect their company and customers.
