Pierre Fabre, a leading French pharmaceutical group, suffered a REvil ransomware attack last week, as confirmed by the company in an announcement. At the time, Pierre Fabre did not reveal much detail about the type of cyberattack they suffered.
BeepingComputer reported today they saw a REvil Tor payment page from the attackers. According to the messages on the page, threat actors initially demanded a $25 million ransom but as the company missed the deadline, the amount went up twofold.
Pierre Fabre is the second largest pharmaceutical group in France and the second largest dermo-cosmetics laboratory in the world with over 10,000 facilities worldwide.
Last week, Pierre Fabre announced a cyberattack that hit them on March 31st and which they brought under control in 24 hours.
However, they also had to temporarily halt most production activities.
“As a precaution, and in line with its risk management plan, the Group’s information system was immediately put into standby mode to curb the spread of the virus,” the company said at the time.
All production activities, except for at the production facility in Tarn, France, were halted, disclosed Pierre Fabre.
Since then, someone sent BeepingComputer a link for a REvil Tor payment page BleepingComputer showing that Pierre Fabre allegedly suffered a ransomware attack by REvil/Sodinokibi hacking group.
The attackers are now asking $50 million for decrypting the data.
A chat screen on the page shows a message from the threat actors saying that they are about to make Pierre Fabre’s data public.
There’s also a link that leads to a hidden REvil data leak page which contains images of allegedly Pierre Fabre’s passports, a company contact list, immigration documents, and government identification cards.
Over the past month, REvil has attacked large companies like Acer with a $50 million ransom and Asteelflash with a $24 million ransom.