Inotiv, an American pharmaceutical company specializing in drug development, drug discovery, safety assessment, and live animal research, suffered a **ransomware attack** on **August 8, 2025**. The **Qilin ransomware gang** encrypted critical systems and data, stealing approximately **162,000 files (176GB)** and publishing samples on their leak site. The attack disrupted **business operations**, including databases and internal applications essential for core processes. While Inotiv initiated containment measures, migrated some operations offline, and engaged external security experts, the **outages persist with no estimated recovery timeline**. The incident has caused **significant operational disruptions**, affecting a company with **2,000 employees and $500M+ annual revenue**. The long-term financial, reputational, and operational impacts remain unclear as investigations continue.
TPRM report: https://www.rankiteo.com/company/inotiv
"id": "ino559081925",
"linkid": "inotiv",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': ['Drug Development',
'Drug Discovery',
'Safety Assessment',
'Live Animal Research Modeling'],
'location': 'Indiana, USA',
'name': 'Inotiv, Inc.',
'size': '~2,000 employees',
'type': ['Pharmaceutical Company',
'Contract Research Organization (CRO)']}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': '162,000 files',
'sensitivity_of_data': ['High (potential inclusion of '
'proprietary research or operational '
'data)'],
'type_of_data_compromised': ['Corporate data (unspecified)',
'Potentially sensitive research '
'or operational data']},
'date_detected': '2025-08-08',
'date_publicly_disclosed': '2025-08-08',
'description': 'American pharmaceutical company Inotiv disclosed a ransomware '
'attack on August 8, 2025, where a threat actor (Qilin '
'ransomware gang) gained unauthorized access and encrypted '
'certain systems and data. The attack disrupted business '
'operations, including databases and internal applications. '
'The gang claims to have stolen ~162,000 files (176GB) and '
'published samples on their leak site. Inotiv is investigating '
'with external experts, notified law enforcement, and is '
'working to restore systems while migrating some operations '
'offline. The financial and operational impacts are ongoing, '
'with no estimated timeline for full recovery.',
'impact': {'brand_reputation_impact': ['Potential reputational damage due to '
'data breach and operational '
'disruptions'],
'data_compromised': ['162,000 files (176GB)',
'Data samples published on leak site'],
'downtime': ['Ongoing (no estimated recovery time)',
'Disruptions to business operations'],
'operational_impact': ['Migration to offline alternatives',
'Partial restoration efforts'],
'systems_affected': ['Databases',
'Internal applications',
'Networks']},
'initial_access_broker': {'data_sold_on_dark_web': ['Samples published on '
"Qilin's leak site"],
'high_value_targets': ['Databases',
'Internal applications']},
'investigation_status': 'Ongoing (with external security experts)',
'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'references': [{'source': 'BleepingComputer',
'url': 'https://www.bleepingcomputer.com'},
{'source': 'U.S. Securities and Exchange Commission (SEC) '
'Filing'}],
'regulatory_compliance': {'regulatory_notifications': ['U.S. Securities and '
'Exchange Commission '
'(SEC) filing']},
'response': {'communication_strategy': ['SEC filing',
'Media statements (via '
'BleepingComputer)'],
'containment_measures': ['Isolation of affected systems',
'Migration to offline alternatives'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Partial migration to offline operations'],
'remediation_measures': ['System restoration efforts'],
'third_party_assistance': ['External security experts']},
'stakeholder_advisories': ['SEC filing', 'Media communication'],
'threat_actor': 'Qilin Ransomware Gang',
'title': 'Ransomware Attack on Inotiv Encrypts Systems and Disrupts Business '
'Operations',
'type': ['Ransomware Attack', 'Data Breach', 'Operational Disruption']}