{
	"id": "4a9408b1-032d-430b-8848-8ab5ac08e70c",
	"created_at": "2026-04-06T00:11:35.069577Z",
	"updated_at": "2026-04-10T03:21:44.711414Z",
	"deleted_at": null,
	"sha1_hash": "b06666780409a4db4c0e7c4e4afb62de0d453878",
	"title": "Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4033607,
	"plain_text": "Leading cosmetics group Pierre Fabre hit with $25 million ransomware\r\nattack\r\nBy Lawrence Abrams\r\nPublished: 2021-04-09 · Archived: 2026-04-05 19:56:29 UTC\r\nLeading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially\r\ndemanded a $25 million ransom, BleepingComputer learned today.\r\nPierre Fabre is the second largest pharmaceutical group in France and the second largest dermo-cosmetics laboratory\r\nglobally. With over 10,000 worldwide, Pierre Fabre developers a wide variety of products ranging from chemotherapy drugs\r\nto skincare products.\r\nLast week, Pierre Fabre announced that they had suffered a cyberattack on March 31st that they brought under control in\r\nless than 24 hours.\r\nhttps://www.bleepingcomputer.com/news/security/leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nHowever, to contain the spread, Pierre Fabre states that they had to perform a gradual and temporary halt to most production\r\nactivities.\r\n\"As a precaution, and in line with its risk management plan, the Group's information system was immediately put into\r\nstandby mode to curb the spread of the virus.\"\r\n\"This led to the gradual, temporary stoppage of most production activities (except for the production facility in Gaillac (in\r\nthe Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products),\" disclosed Pierre\r\nFabre.\r\nAt the time, Pierre Fabre did not reveal what type of cyberattack they suffered.\r\nPierre Fabre hit by REvil ransomware attack\r\nSince then, BleepingComputer has confirmed that Pierre Fabre suffered a ransomware attack by a hacking group known as\r\nREvil/Sodinokibi.\r\nREvil is a ransomware-as-a-service 
operation, where the core malware developers recruit affiliates to compromise corporate\r\nnetworks, steal unencrypted data, and then encrypt devices. If a ransom payment is made, the core developers and the\r\naffiliate split the payment in an agreed-upon revenue share, with the affiliates usually getting the larger share.\r\nWhile we still do not have many details regarding the attack, BleepingComputer was recently sent a link for a REvil Tor\r\npayment page allegedly from the Pierre Fabre ransomware attack.\r\nThis Tor payment page shows the ransomware gang demanding a $25 million ransom. As there has been no contact by the\r\nvictim, and the time limit expired, the REvil ransom has doubled to $50 million.\r\nPierre Fabre ransom demand from the REvil gang\r\nSource: BleepingComputer\r\nWhile the payment page does not indicate who the victim is, the site's chat screen shows a message from the threat actors\r\nstating that they are about to Pierre Fabre's data. This message is to further scare the company into paying a ransom.\r\nREvil chat screen with a link to a hidden Pierre Fabre data leak page\r\nSource: BleepingComputer\r\nThis link leads to a currently hidden REvil data leak page for Pierre Fabre, which contains images of allegedly stolen\r\npassports, a company contact list, government identification cards, and immigration documents.\r\nHidden REvil data leak page for Pierre Fabre\r\nSource: BleepingComputer\r\nREvil has been going on a cyberattack spree over the past month where they have been attacking large companies and\r\nmaking ridiculously high ransom demands. These attacks include Acer with a $50 million demand and Asteelflash with a\r\n$24 million demand. 
\r\nBleepingComputer has reached out to Pierre Fabre multiple times, and our emails have bounced back. We have also\r\ncontacted them via their online contact form and have never received a response.\r\nSource: https://www.bleepingcomputer.com/news/security/leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack/"
	],
	"report_names": [
		"leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434295,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b06666780409a4db4c0e7c4e4afb62de0d453878.pdf",
		"text": "https://archive.orkl.eu/b06666780409a4db4c0e7c4e4afb62de0d453878.txt",
		"img": "https://archive.orkl.eu/b06666780409a4db4c0e7c4e4afb62de0d453878.jpg"
	}
}