Sun Pharma may incur revenue loss for ransomware incident on March 2

Sun Pharma Advanced Research Company may incur expenses in connection with incident; India was the second most attacked country for ransomware in the APAC-Japan region in 2022

India’s largest drugmaker by market share, Sun Pharmaceutical Industries Ltd, has said that the IT security incident it faced earlier in March will impact the revenues of some of its businesses.

The incident was reported on March 2.

The company said it has ‘proactively’ isolated its network and initiated the recovery process. “As a result of these measures, the company's business operations have been impacted. Consequently, revenues are expected to be reduced in some of our businesses," Sun Pharma said in a regulatory filing late in the night on March 26.

In a regulatory filing on Monday, Sun Pharma Advanced Research Company also said that it may incur certain expenses in connection with the incident and the remediation process. "We are unable to determine the cost of remediation and other potential adverse impacts of the incident at this stage," the company stated.

Shares of Sun Pharma on Monday closed 1.15 per cent up at Rs 983.95 apiece on the BSE.

The recent ransomware attack on Sun Pharma is another example of how modern cyber attackers continue targeting India's critical industries and infrastructure. According to the Unit42 Ransomware and Extortion Report 2023, of the total ransomware attacks on Indian industries in 2022, six were on manufacturing industries, five on construction firms, and five on professional and legal services.

According to the report, India was the second most attacked country for ransomware in the APAC-Japan region in 2022.

Sun Pharma has already admitted that it would incur expenses in connection with this incident and its remediation. At present, the company is unable to determine the potential adverse impacts of the incident, including but not limited to additional information security incidents, increased costs to maintain insurance coverage, the diversion of management and employee time or the possibility of litigation, it added.

Sun Pharma added that it took prompt steps to contain and remediate the impact of the IT security incident. like employing containment and eradication protocols to mitigate the threat and additional measures to ensure the integrity of its systems infrastructure and data. It is also using global cyber security experts and enhanced security measures to address and mitigate the impact of the incident

A ransomware group has claimed responsibility for this incident.

"The company currently believes that the incident's effect on its IT systems includes a breach of certain file systems and the theft of certain company data and personal data," Sun Pharma said.

Breakdown of leaks for targets in India by Industry  

Industry	No of attacks
Manufacturing	6
Construction	5
Professional and Legal Services	5
Wholesale and Retail	3
Real Estate	3
Other	14