Pharmaceutical Firm Inotiv Discovers Ransomware Attack, Qilin Group Claims Responsibility

In a recent disclosure, pharmaceutical firm Inotiv revealed that it had fallen victim to a ransomware attack, which encrypted some of its systems and data, disrupting the company's operations. The incident, which occurred on August 8, 2025, has left the company with no set timeline for full recovery, as it continues to work diligently to restore affected functions and systems access.

Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO), providing nonclinical and analytical drug discovery and development services for pharmaceutical and biotechnology companies. The company's expertise spans various areas, including toxicology, pathology, bioanalysis, and preclinical testing, helping firms bring new drugs and therapies to market. Additionally, Inotiv is involved in life sciences research products and services, including animal models used in research.

The company discovered a security breach on August 8, 2025, which impacted certain of its systems and data. A threat actor gained unauthorized access and encrypted some of the company's systems, disrupting business operations. Inotiv launched an investigation with the help of external cybersecurity experts and notified law enforcement, indicating that the incident was taken seriously from the outset.

"On August 8, 2025, Inotiv, Inc. (the “Company”) became aware of a cybersecurity incident affecting certain of its systems and data," reads the FORM 8-K report filed with SEC. "The Company's preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company's systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems."

The company has also notified law enforcement and is currently working to bring the impacted portions of its systems back online. In addition, it has initiated a business continuity strategy, transitioning certain operations to offline alternatives with the aim of reducing disruption to its business.

However, the timeline for a full restoration of affected functions and systems access remains unknown. While Inotiv's investigation is ongoing, the full scope, including potential operational and financial impacts, is not yet known, so material effects remain undetermined.

Interestingly, the Qilin ransomware group has claimed responsibility for the attack. The group has allegedly stolen around 176GB of data (161967 files) and published some images of stolen documents on their Tor data leak site. This highlights the severity of the incident and the potential risks associated with cyberattacks.

In conclusion, Inotiv's recent ransomware attack serves as a reminder of the importance of cybersecurity measures in today's digital landscape. The company's efforts to restore its systems and mitigate the impact of the attack are commendable, but the incident also underscores the need for ongoing vigilance and preparedness against such threats.

Follow us on Twitter: @securityaffairs and Facebook and Mastodon