Cyber Incident Victim: Shionogi & Co.
Date: Oct 2020
Location: Taiwan
Summary
A Japanese pharmaceutical firm's Taiwanese subsidiary experienced a cyberattack involving ransomware and data exfiltration by the REvil group. The attackers encrypted the network, claimed to have stolen sensitive information, and published a directory screenshot alongside a small sample of exfiltrated PDF files as proof of access. While the incident compromised certain data, the company confirmed no information related to its coronavirus vaccine development was leaked during the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In or around October 2020, the REvil (Sodinokibi) ransomware group executed a cyberattack against the Taiwanese subsidiary of Japanese pharmaceutical firm Shionogi & Co. The group publicly claimed responsibility for the breach on October 23, 2020, by posting a screenshot of Shionogi’s directory files alongside a ransom note declaring, "All you network has been locked. You sensitive data has been downloaded. You have 10 days to contact us." This announcement included a partial data dump containing five PDF files as evidence of their unauthorized access and data exfiltration. Shionogi confirmed the incident on the same day, disclosing that the attack had occurred earlier in October but clarifying that no information related to its COVID-19 vaccine development was compromised. The company did not specify whether it engaged with the threat actors or paid any ransom.

The attack impacted Shionogi’s subsidiary network in Taiwan, resulting in both operational disruption through network locking and potential exposure of sensitive corporate data. REvil’s actions demonstrated their capability to infiltrate systems, exfiltrate data, and deploy ransomware—a tactic consistent with their double-extortion strategy. While the exact scope of breached data beyond the sample files remained undisclosed, the incident highlighted vulnerabilities in the subsidiary’s infrastructure. Shionogi’s public acknowledgment focused on mitigating reputational damage by emphasizing the exclusion of COVID-19 research from the breach. No further technical details regarding containment measures, system restoration timelines, or regulatory notifications were provided by the company. The event underscored REvil’s continued targeting of high-value entities during a period of heightened ransomware activity globally.
