Ransomware feared in Octapharma Plasma’s US-wide shutdown

US-based human plasma collector, tester, and supplier Octapharma Plasma may be experiencing a ransomware attack that has pushed the company into an operational shutdown, according to a report by The Register.

An unnamed source familiar with the situation reportedly said that Octapharma Plasma fell victim to a BlackSuit ransomware infection on Monday, disrupting its US-based operations.

“All centers are experiencing network issues and are currently closed,” Octa said through a message displayed on its website. “Further updates on reopening will be sent via email, social media, OctaApp, and our website.”

The attack may have a global impact

Octapharma operates a little over 150 blood plasma donation centers across America, all disrupted in the alleged attack. The company employs about 3500 people. Octapharma Group, the parent company based in Germany, reported revenue of €3.26 billion for 2023, from operations across 118 countries.

The disruption from the attack, if not contained, could affect Octa’s operations globally, especially its European supplies, according to the source.

“If they don’t restore the systems, they will need to close their factories in Europe as more than 75 percent of their plasma comes from the US,” the source told The Register. “IT management don’t give a s*** about security and they are now learning a lesson.”

BlackSuit hackers are said to have exploited VMware systems to gain entry into Octapharma before deploying the ransomware.

BlackSuit is known for targeting healthcare

With earliest traces in May 2023, BlackSuit quickly raised concerns because of the group’s striking similarities with Royal ransomware, which itself was a direct successor of the Russian-linked Conti.

More specifically, alerts were raised about the group over its targeting of healthcare systems in the US. In November 2023, the group claimed responsibility for the breach of schools in Central Georgia. Earlier, the group also targeted the Tampa Bay Zoo.

The US Department of Health & Human Services’ Health Sector Cybersecurity Coordination Center (HC3), in its advisory on BlackSuit, pointed out the group’s use of the double extortion method.

“The most recent suspected attack, in October 2023, was against a U.S.-based HPH organization whose servers and systems were encrypted with malware, tentatively identified as BlackSuit,” HC3 had said. Apart from healthcare, the group is believed to be targeting manufacturing, business technology, business retail, and government sectors, across the US, Canada, Brazil, and the UK.
