ExecuPharm

Clop ransomware leaked files stolen from U.S. pharmaceutical company ExecuPharm after ransom negotiations failed.

ExecuPharm is a contract research organization (CRO) that provides clinical research support services to companies in the pharmaceutical industry. It has been one of the largest privately owned global diversity suppliers of clinical development services since 1994.

The attackers were able to steal almost 19,000 ExecuPharm and Parexel employees' emails, as well as further email correspondence including more than 80,000 emails.

They also stole 163GB worth of financial, accounting, and employee documents, as well as SQL backups of the company's document management system.

Source: https://www.bleepingcomputer.com/news/security/clop-ransomware-leaks-execupharms-files-after-failed-ransom/

TPRM report: https://scoringcyber.rankiteo.com/company/parexelfsp

"id": "exe2046291222",
"linkid": "parexelfsp",
"type": "Ransomware",
"date": "05/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Pharmaceutical',
                        'location': 'United States',
                        'name': 'ExecuPharm',
                        'type': 'Contract Research Organization'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Emails',
                                        'Financial documents',
                                        'Accounting documents',
                                        'Employee documents',
                                        'SQL backups'],
                 'number_of_records_exposed': ['19,000 employee emails',
                                               '80,000 email correspondence'],
                 'personally_identifiable_information': True,
                 'type_of_data_compromised': ['Employee emails',
                                              'Email correspondence',
                                              'Financial documents',
                                              'Accounting documents',
                                              'Employee documents',
                                              'SQL backups of document '
                                              'management system']},
 'description': 'Clop ransomware leaked files stolen from U.S pharmaceutical '
                'company ExecuPharm after ransom negotiations failed. '
                'ExecuPharm is a contract research organization (CRO) that '
                'provides clinical research support services to companies from '
                'the pharmaceutical industry. It is one largest '
                'privately-owned global diversity suppliers of clinical '
                'development services since 1994. The attackers were able to '
                "steal almost 19,000 ExecuPharm and Parexel employees' emails, "
                'as well as further email correspondence including more than '
                '80,000 emails. They also stole 163GB worth of financial, '
                'accounting, and employee documents, as well as SQL backups of '
                "the company's document management system.",
 'impact': {'data_compromised': ['Employee emails',
                                 'Email correspondence',
                                 'Financial documents',
                                 'Accounting documents',
                                 'Employee documents',
                                 'SQL backups of document management system']},
 'motivation': 'Financial',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Clop'},
 'threat_actor': 'Clop Ransomware',
 'title': 'Clop Ransomware Attack on ExecuPharm',
 'type': 'Ransomware'}