American pharmaceutical company Inotiv has disclosed that on Aug. 8, 2025 it uncovered a cybersecurity incident in which a threat actor gained unauthorized access to and encrypted some of its systems causing disruptions to its operations. That was found in this filing:
https://www.sec.gov/Archives/edgar/data/720154/000162828025040658/notv-20250808.htm
On August 8, 2025, Inotiv, Inc. (the “Company”) became aware of a cybersecurity incident affecting certain of its systems and data. The Company’s preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company’s systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems. The Company has also notified law enforcement.
The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations of the Company. The incident has temporarily impacted the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications. The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business. While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.
The Company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known. Accordingly, the Company has not yet determined whether the incident is reasonably likely to have a material impact on the Company.
Ensar Seker, CISO at cybersecurity threat intelligence company SOCRadar, commented:
“This ransomware attack on Inotiv is a stark reminder of how devastating disruptions can be to organizations deeply embedded in critical research and development. A contract research organization like Inotiv supports pharmaceutical innovation with high volumes of sensitive data, so it’s no surprise the Qilin gang targeted them. Encrypting key internal systems and exfiltrating 176 GB of proprietary research data puts both operational continuity and intellectual property at grave risk, and the switch to offline workarounds underscores the severity of the disruption.
“Organizations across sectors should heed this as a cautionary tale. It highlights the importance of robust incident response planning, including standby offline capabilities, and stringent controls over who can access sensitive systems. In environments handling valuable research or regulated data, defenses must extend beyond detection. They must include rapid containment, strong backup strategies, and threat intelligence sharing that can anticipate when adversaries are likely to strike.”
I keep saying this, but it bears repeating. The best way to not be affected by a threat actor is to do everything possible to make it difficult for them to get into your environment. Threat actors will go after the lowest hanging fruit in order to score a quick payday. Thus if they can’t pwn you, they’ll move on to the next target. Thus don’t be that next target.
Related
This entry was posted on August 20, 2025 at 8:30 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Pharma Company Inotiv Hit by Ransomware Attack
American pharmaceutical company Inotiv has disclosed that on Aug. 8, 2025 it uncovered a cybersecurity incident in which a threat actor gained unauthorized access to and encrypted some of its systems causing disruptions to its operations. That was found in this filing:
https://www.sec.gov/Archives/edgar/data/720154/000162828025040658/notv-20250808.htm
On August 8, 2025, Inotiv, Inc. (the “Company”) became aware of a cybersecurity incident affecting certain of its systems and data. The Company’s preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company’s systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems. The Company has also notified law enforcement.
The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations of the Company. The incident has temporarily impacted the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications. The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business. While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.
The Company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known. Accordingly, the Company has not yet determined whether the incident is reasonably likely to have a material impact on the Company.
Ensar Seker, CISO at cybersecurity threat intelligence company SOCRadar, commented:
“This ransomware attack on Inotiv is a stark reminder of how devastating disruptions can be to organizations deeply embedded in critical research and development. A contract research organization like Inotiv supports pharmaceutical innovation with high volumes of sensitive data, so it’s no surprise the Qilin gang targeted them. Encrypting key internal systems and exfiltrating 176 GB of proprietary research data puts both operational continuity and intellectual property at grave risk, and the switch to offline workarounds underscores the severity of the disruption.
“Organizations across sectors should heed this as a cautionary tale. It highlights the importance of robust incident response planning, including standby offline capabilities, and stringent controls over who can access sensitive systems. In environments handling valuable research or regulated data, defenses must extend beyond detection. They must include rapid containment, strong backup strategies, and threat intelligence sharing that can anticipate when adversaries are likely to strike.”
I keep saying this, but it bears repeating. The best way to not be affected by a threat actor is to do everything possible to make it difficult for them to get into your environment. Threat actors will go after the lowest hanging fruit in order to score a quick payday. Thus if they can’t pwn you, they’ll move on to the next target. Thus don’t be that next target.
Share this:
Like this:
Related
This entry was posted on August 20, 2025 at 8:30 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.