Pharmaceutical development company investigating cyberattack after LockBit posting

A Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen. 

A spokesperson for Crinetics Pharmaceuticals — a clinical stage company focused on the development and commercialization of therapeutics for endocrine diseases and endocrine-related tumors — told Recorded Future News that it recently discovered “suspicious activity in an employee’s account and disabled it on the same day.”

“Crinetics immediately activated its cybersecurity incident response process, initiated an investigation, engaged third-party cybersecurity experts to assist, and notified law enforcement,” the spokesperson said. 

“The company also implemented additional company-wide security measures and contained the incident. This incident has not affected the company’s operations or its discovery and study databases. Crinetics takes all security-related matters seriously and we are committed to conducting a full investigation, which is currently ongoing, and will provide any legal notifications required.”

On Sunday, Crinetics was added to the leak site of LockBit — a ransomware gang whose infrastructure was recently disrupted by law enforcement agencies around the world. 

The gang demanded a $4 million ransom and set a deadline for March 23. Crinetics did not respond to questions about whether they were dealing with a ransomware attack

For about three weeks, LockBit has tried to revive its operation but has struggled to recover from the takedown, which saw the FBI and other agencies seize their hacking tools, cryptocurrency accounts and source code.

The group’s alleged leader, LockBitSupp, recently spoke to the Click Here podcast and vowed to continue launching attacks. 

“I plan to continue working until my death. I don’t have a goal for a year or for five years. My only goal in life is to attack one million companies around the world and go down in human history as the most destructive affiliate program. Once I reach one million businesses on my blog, I will retire forever,” LockBitSupp said. 

Although LockBitSupp acknowledged that the FBI operation was successful, he pledged to rebound from the incident and restore the gang’s prominence. While some researchers have said the gang has mostly been posting old data stolen before the law enforcement takedown, some of the victims posted in the last week appear to correlate to new attacks. 

Before the operation, LockBit was the most prolific ransomware gang in the world, launching thousands of attacks on hospitals, governments and businesses globally. 

Researchers at Recorded Future attributed nearly 2,300 attacks to this threat actor and the U.S. Justice Department said the group received more than $120 million in ransom payments since it began operating. 

So far, several people alleged to be linked to the LockBit gang have been arrested in Ukraine and Poland, with more arrests expected.

Pharmaceutical companies continue to be a focus for ransomware gangs, with multiple large corporations attacked over the last year. Japanese pharmaceutical company Eisai, Sun Pharmaceuticals and PharMerica have all faced attacks. Last month, global pharmaceutical corporation Cencora said it recently discovered that intruders had stolen data from its networks.