Evotec SE cyber attack: German pharmaceuticals giant took all internal systems offline

German pharmaceutical giant Evotec SE has suffered a serious cyber attack that forced it to take several systems offline.

In a filing with the Frankfurt Stock Exchange, the pharma giant said that it identified unusual activity in one of its internal systems on April 6. The company immediately launched an investigation with assistance from third-party cyber security experts to understand the nature and scope of the cyber attack and decided to take all its internal systems offline to minimise the damage.

“While systems are not connected to the network at this stage, the Company confirms that business continuity is upheld at all of its global sites. Highest diligence is applied to data integrity, and selected systems will stay offline until the forensic examination has been completed and security plans are in place,” Evotec said in its filing.

“Solutions will be implemented to keep all services available to its partners, but certain delays or slower responses might occur,” the company added.

Evotec also said that for the time being, its partners and suppliers can reach their contacts by emailing info@evotec.eu until the company comes up with more efficient email communication in the future.

As of now, no hacker group has claimed responsibility for the cyber attack and the company is yet to disclose how the threat actors infiltrated its network, the nature of the cyber attack, or if any data has been compromised. The company says it has informed all relevant authorities about the cyber attack.

Last month, Indian pharmaceutical giant Sun Pharma also suffered a significant cyber attack that compromised sensitive company data and personal information. In a filing with the Bombay Stock Exchange, Sun Pharma said it identified an “information security incident”, following which it isolated the impacted systems from the core network to contain the incident.

Sun Pharma said that threat actors breached certain systems and exfiltrated certain company data and personal data and that it took steps to contain the cyber attack impacted its business operations. The notorious Black Cat/AlphV ransomware group later claimed responsibility for targeting Sun Pharma and listed the company on its data leak site.