Microbix Biosystems Inc., a life sciences company, experienced a ransomware attack by an international hacker group targeting its corporate server. While the company successfully recovered the server without operational disruption, the attackers exfiltrated data, including commercially sensitive information and employee records. The stolen employee data poses risks for further cybercrime attempts, such as phishing or identity fraud. Microbix confirmed no impact on safety, communications (including emails), or core operations, though file storage systems were temporarily offline. The company has refused to pay ransoms, citing ethical concerns and distrust of hackers. Proactive measures such as CIS framework adoption, endpoint protection, offline backups, and employee training are being reinforced to mitigate future threats. The incident underscores the escalating sophistication of cyber threats in the manufacturing and life sciences sectors, prompting heightened vigilance among stakeholders.
Source: https://finance.yahoo.com/news/microbix-addresses-cybersecurity-incident-120000054.html
TPRM report: https://www.rankiteo.com/company/safeguard-dna-diagnostics-inc
"id": "saf5592955110525",
"linkid": "safeguard-dna-diagnostics-inc",
"type": "Ransomware",
"date": "11/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': ['life sciences',
'manufacturing',
'export'],
'location': 'Mississauga, Ontario, Canada',
'name': 'Microbix Biosystems Inc.',
'type': 'public company'}],
'customer_advisories': 'Encouraged vigilance due to potential misuse of '
'stolen data',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': 'likely (employee '
'data)',
'sensitivity_of_data': 'high (potential use for further '
'cybercrime attempts)',
'type_of_data_compromised': ['commercially-sensitive '
'information',
'employee data']},
'date_publicly_disclosed': '2025-11-05',
'description': 'Microbix Biosystems Inc., a life sciences innovator, '
'manufacturer, and exporter, experienced a ransomware attack '
'by an international hacker group. The attack involved the '
'theft of commercially-sensitive information and employee data '
'from a corrupted corporate server. While the server was '
'successfully recovered without material disruption to '
'operations, some data was copied externally. The company has '
'refused to pay ransoms or engage with hackers and is actively '
'strengthening its cybersecurity measures, including adopting '
'CIS frameworks, employee training, endpoint protection, and '
'disaster-recovery planning.',
'impact': {'brand_reputation_impact': 'potential (notification issued to '
'stakeholders to encourage vigilance)',
'data_compromised': ['commercially-sensitive information',
'employee data'],
'downtime': 'temporary (file storage systems offline, no '
'operational/safety/communications systems affected)',
'identity_theft_risk': 'potential (employee data might be used for '
'further cybercrime attempts)',
'operational_impact': 'none (no material disruption to operations)',
'systems_affected': ['corporate server (file storage systems '
'temporarily offline)']},
'initial_access_broker': {'high_value_targets': ['commercially-sensitive '
'information',
'employee data']},
'investigation_status': 'ongoing (company actively addressing the incident)',
'motivation': ['financial gain', 'cybercrime'],
'post_incident_analysis': {'corrective_actions': ['Adoption of CIS frameworks',
'Enhanced employee '
'cybersecurity training',
'Endpoint protection '
'upgrades',
'Improved backup strategies '
'(regular, redundant, '
'offline)',
'Disaster-recovery and '
'business-continuity '
'planning']},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'recommendations': ['Continue upgrading cybersecurity systems (e.g., CIS '
'frameworks, employee training, endpoint protection)',
'Maintain regular, redundant, and offline backups',
'Strengthen disaster-recovery and business-continuity '
'planning',
'Refuse to pay ransoms to avoid encouraging cybercrime'],
'references': [{'date_accessed': '2025-11-05',
'source': 'GLOBE NEWSWIRE - Microbix Biosystems Inc. Press '
'Release'}],
'response': {'communication_strategy': ['public disclosure via news release',
'notification to customers, '
'employees, investors, and suppliers '
'to encourage vigilance'],
'containment_measures': ['server recovery',
'refusal to pay ransom or engage with '
'hackers'],
'enhanced_monitoring': 'endpoint server protection (real-time '
'threat monitoring)',
'incident_response_plan_activated': True,
'recovery_measures': ['successful recovery of corrupted server '
'and its data'],
'remediation_measures': ['adoption of Center for Internet '
'Security (CIS) frameworks',
'comprehensive employee cybersecurity '
'training',
'endpoint server protection (real-time '
'threat monitoring, detection, and '
'response)',
'regular, redundant, and offline '
'backups (including cloud)',
'disaster-recovery and '
'business-continuity planning']},
'stakeholder_advisories': 'Notification issued to customers, employees, '
'investors, and suppliers to encourage vigilance',
'threat_actor': 'international hacker group (responsible for hundreds of '
'attacks on manufacturing and life sciences companies)',
'title': 'Ransomware Attack and Data Theft at Microbix Biosystems Inc.',
'type': ['ransomware', 'data breach']}