{ "id": "484cb74b-3e0f-432b-9d61-434402ae1ff9", "created_at": "2026-04-06T00:06:37.554275Z", "updated_at": "2026-04-10T03:26:47.051894Z", "deleted_at": null, "sha1_hash": "8e1cfd947fdef0cb8cd1fc7d79156734c10d2f38", "title": "Pharmaceutical development company investigating cyberattack after LockBit posting", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 74465, "plain_text": "Pharmaceutical development company investigating cyberattack\r\nafter LockBit posting\r\nBy Jonathan Greig\r\nPublished: 2024-03-19 · Archived: 2026-04-05 22:40:20 UTC\r\nA Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following\r\nclaims from the LockBit ransomware gang that data was stolen. \r\nA spokesperson for Crinetics Pharmaceuticals — a clinical stage company focused on the development and\r\ncommercialization of therapeutics for endocrine diseases and endocrine-related tumors — told Recorded Future\r\nNews that it recently discovered “suspicious activity in an employee’s account and disabled it on the same day.”\r\n“Crinetics immediately activated its cybersecurity incident response process, initiated an investigation, engaged\r\nthird-party cybersecurity experts to assist, and notified law enforcement,” the spokesperson said. \r\n“The company also implemented additional company-wide security measures and contained the incident. This\r\nincident has not affected the company’s operations or its discovery and study databases. Crinetics takes all\r\nsecurity-related matters seriously and we are committed to conducting a full investigation, which is currently\r\nongoing, and will provide any legal notifications required.”\r\nOn Sunday, Crinetics was added to the leak site of LockBit — a ransomware gang whose infrastructure was\r\nrecently disrupted by law enforcement agencies around the world. \r\nThe gang demanded a $4 million ransom and set a deadline for March 23. Crinetics did not respond to questions\r\nabout whether they were dealing with a ransomware attack\r\nFor about three weeks, LockBit has tried to revive its operation but has struggled to recover from the takedown,\r\nwhich saw the FBI and other agencies seize their hacking tools, cryptocurrency accounts and source code.\r\nThe group’s alleged leader, LockBitSupp, recently spoke to the Click Here podcast and vowed to continue\r\nlaunching attacks. \r\n“I plan to continue working until my death. I don’t have a goal for a year or for five years. My only goal in life is\r\nto attack one million companies around the world and go down in human history as the most destructive affiliate\r\nprogram. Once I reach one million businesses on my blog, I will retire forever,” LockBitSupp said. \r\nAlthough LockBitSupp acknowledged that the FBI operation was successful, he pledged to rebound from the\r\nincident and restore the gang’s prominence. While some researchers have said the gang has mostly been posting\r\nold data stolen before the law enforcement takedown, some of the victims posted in the last week appear to\r\ncorrelate to new attacks. \r\nhttps://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit\r\nPage 1 of 3\n\nBefore the operation, LockBit was the most prolific ransomware gang in the world, launching thousands of attacks\r\non hospitals, governments and businesses globally. \r\nResearchers at Recorded Future attributed nearly 2,300 attacks to this threat actor and the U.S. Justice Department\r\nsaid the group received more than $120 million in ransom payments since it began operating. \r\nSo far, several people alleged to be linked to the LockBit gang have been arrested in Ukraine and Poland, with\r\nmore arrests expected.\r\nPharmaceutical companies continue to be a focus for ransomware gangs, with multiple large corporations attacked\r\nover the last year. Japanese pharmaceutical company Eisai, Sun Pharmaceuticals and PharMerica have all faced\r\nattacks. Last month, global pharmaceutical corporation Cencora said it recently discovered that intruders had\r\nstolen data from its networks.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit\r\nhttps://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/pharmaceutical-development-company-investigating-cyber-incident-lockbit" ], "report_names": [ "pharmaceutical-development-company-investigating-cyber-incident-lockbit" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775433997, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/8e1cfd947fdef0cb8cd1fc7d79156734c10d2f38.pdf", "text": "https://archive.orkl.eu/8e1cfd947fdef0cb8cd1fc7d79156734c10d2f38.txt", "img": "https://archive.orkl.eu/8e1cfd947fdef0cb8cd1fc7d79156734c10d2f38.jpg" } }