
Cyber Incident Victim: Supernus Pharmaceuticals

Date: Nov 2021

Location: United States of America

Summary

A biopharmaceutical company suffered a ransomware attack involving data exfiltration and encryption of files, with the perpetrators threatening to leak stolen information. The victim restored encrypted files without paying ransom, implemented enhanced security measures, and reported no significant operational disruption. The Hive ransomware group claimed responsibility, alleging theft of 1.5 terabytes of data and criticizing the company's initial failure to disclose the incident in regulatory filings, though a subsequent filing addressed the attack. Despite the company's public refusal to negotiate, the attackers asserted ongoing ransom discussions.


Description

In mid-November 2021, Supernus Pharmaceuticals, a biopharmaceutical company based in Rockville, Maryland, suffered a ransomware attack that compromised its network systems. The incident involved unauthorized actors accessing corporate data, deploying malware to encrypt files, and exfiltrating approximately 1.5 terabytes of information. The company confirmed the breach occurred around November 14, 2021, though its operations continued without significant disruption. Supernus Pharmaceuticals promptly initiated recovery procedures, successfully restoring all encrypted files from backups without paying ransom demands. The organization implemented security enhancements to fortify its network infrastructure following the attack. While maintaining business continuity, the company acknowledged that threat actors would likely attempt to exploit the stolen data.

The Hive ransomware group claimed responsibility for the intrusion on Thanksgiving 2021, publicly disclosing they had exfiltrated 1,268,906 corporate files totaling 1.5TB. Through their Tor-based leak site, Hive threatened imminent data publication and criticized Supernus Pharmaceuticals for omitting the incident from its initial SEC Form 8-K filing. The company subsequently filed an amended 8-K disclosure specifically addressing the ransomware event. Despite Supernus Pharmaceuticals' public stance against ransom payments and its assertions of restored operations, Hive operatives contradicted this position, alleging that negotiations had been ongoing since the attack. The organization maintained that no financial settlement occurred, while continuing operational safeguards against potential data misuse.
