Japanese pharma giant Eisai discloses ransomware attack

Pharmaceutical company Eisai has disclosed it suffered a ransomware incident that impacted its operations, admitting that attackers encrypted some of its servers.

Eisai is a Tokyo-based pharmaceutical company with an annual revenue of $5.3 billion and over 10,000 employees. The company maintains nine manufacturing and fifteen medical research units in Japan, the United Kingdom, North Carolina, and Massachusetts.

The company develops and produces medication for various forms of cancer and the treatment of chemotherapy side effects, as well as anti-seizure, neuropathy, and dementia drugs.

A weekend ransomware attack

In a notification posted to their website, Eisai disclosed that they suffered a ransomware attack over the weekend, a typical time for attackers to deploy encryptors as IT teams are understaffed and unable to respond effectively to the rapidly evolving situation.

"A ransomware incident that encrypted some of Eisai Group's servers was detected late at night on Saturday, June 3, Japan time," reads the notice.

"We immediately implemented our incident response plan and launched an investigation with the aid of our cybersecurity partners [and] a company-wide task force was convened to rapidly work on response procedures."

The company took many of its IT systems offline to contain the damage and prevent the spread of the locker to further portions of the breached corporate network.

Eisai explains that several of its systems, both inside and outside Japan, including logistics systems, had to be taken offline and remain out of service until investigations are concluded.

However, corporate websites and email communications remain functional.

The company promptly reported the incident to the relevant law enforcement authorities and enlisted external cybersecurity professionals to expedite recovery.

Eisai stated that the possibility of data leakage is under investigation; hence it remains a potential risk.

Similarly unclear is this cyberattack's impact on the company's consolidated earnings forecast for the current fiscal year.

None of the major ransomware groups have taken responsibility for the cyberattack on their extortion sites yet, so the perpetrators are unknown.

Eisai had fallen victim to another cyberattack in December 2021 by a now-defunct ransomware group named 'AtomSilo.'

AtomSilo 2021 claim against Eisai (ke-la.com)

Although AtomSilo's extortion portal isn't online anymore, the data the threat group leaked on it included several MDF and LDF database dumps it allegedly stole from Eisai's network.