Moderna: Cyberattack on West Pharmaceutical halts manufacturing across multiple sites

West Pharmaceutical Services Hit by Ransomware Attack, Disrupting Global Manufacturing and Supply Chain

West Pharmaceutical Services, a key supplier of injectable drug packaging and delivery systems, disclosed a ransomware attack on 4 May that forced the company to shut down portions of its global infrastructure. The breach, which involved data exfiltration and system encryption, disrupted manufacturing, shipping, and receiving operations across multiple facilities.

The company reported progress in restoring core enterprise systems, with critical processes resuming at some sites while others remain in recovery. Forensic investigations, led by Palo Alto Networks’ Unit 42 alongside external experts, found no evidence of persistent malicious activity, though the incident affected domain-joined devices within West’s network. All known indicators of compromise are being addressed, and accounts have been secured.

Industry Impact and Supply Chain Risks

The attack highlights the growing sophistication of ransomware operations, which now function as a professionalized industry with affiliate programs and revenue-sharing models. According to Jacob Krell of Suzu Labs, ransomware groups target high-value supply chain entities like pharmaceutical manufacturers because downtime cascades downstream, disrupting critical drug delivery systems.

Damon Small of Xcape Inc. noted that the breach paralyzed approximately 70% of the world’s injectable drug supply chain, forcing a proactive global shutdown to prevent further damage. The absence of a public leak site suggests negotiations may be underway to protect proprietary packaging designs and shipping data, which could expose major pharmaceutical clients like Pfizer and Moderna to operational risks.

Lessons in Resilience and Recovery

Experts emphasize that perimeter defense alone is insufficient against modern ransomware threats. Organizations in critical supply chains must adopt blast radius reduction, validated recovery capabilities, and proactive threat hunting. Small advocates for strict OT-IT segmentation (using models like the Purdue Model) and immutable backups to prevent a single breach from crippling global operations.

West Pharmaceutical Services continues to provide updates as the investigation progresses, with restoration efforts ongoing. The incident underscores the urgent need for robust cybersecurity measures in sectors where operational downtime directly impacts public health.

Source: https://informationsecuritybuzz.com/cyberattack-on-west-pharmaceutical-halts-manufacturing/

Moderna cybersecurity rating report: https://www.rankiteo.com/company/modernatx
