
Cyber Incident Victim: AESCULAPIUS Farmaceutici

Date: Feb 2023

Location: Italy

Summary

The Italian pharmaceutical firm AESCULAPIUS Farmaceutici suffered a ransomware attack by the RansomHouse group, involving data exfiltration and subsequent publication on the group's darknet leak site. The cybercriminals compromised the organization's IT infrastructure, stealing sensitive information which they later released publicly after the victim reportedly refused ransom demands. The attack disrupted operations, exposing internal directories containing diverse company data. RansomHouse claimed the target had approximately 25 employees and $5.4 million in revenue. No official statement from the company appeared on its website regarding the incident at the time of reporting, despite the criminal group's publication of stolen materials. The incident exemplifies double extortion tactics commonly employed by ransomware operations.


Description

On or around February 4, 2023, the Italian pharmaceutical company AESCULAPIUS Farmaceutici suffered a cyberattack claimed by the RansomHouse criminal group. The attackers infiltrated the organization's IT infrastructure, exfiltrating sensitive data before publicly disclosing the breach on their underground Data Leak Site (DLS) on February 23, 2023. RansomHouse published a post on their DLS homepage detailing the compromise, identifying AESCULAPIUS as a victim with approximately 25 employees and $5.4 million in annual revenue. The post included a functional download link to directories containing various categories of stolen corporate data, accessible through a directory listing. The group employed double extortion tactics typical of ransomware operations, threatening data publication unless payment was received, though no explicit ransom demand amount or encryption claims were disclosed in their public post.

The data publication occurred without prior public acknowledgment from AESCULAPIUS, as no incident-related statements appeared on the company's official website at the time of disclosure. The compromised information's exact nature and scope weren't itemized in the leak announcement, though the directory structure suggested multiple data types were exfiltrated. RansomHouse's standard operational procedures indicated they likely gained initial access, escalated privileges, moved laterally through networks, and extracted files before threatening disclosure. Cybersecurity monitoring service Red Hot Cyber confirmed the data's availability on darknet platforms accessible through conventional computers, contradicting common misconceptions about dark web accessibility. The incident exposed operational vulnerabilities in the pharmaceutical firm's cybersecurity defenses, though specific compromised systems weren't detailed. Red Hot Cyber committed to monitoring further developments while noting the absence of official company communications regarding remediation efforts, financial impacts, or operational disruptions resulting from the breach.
