Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing.
U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations.
Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO).
It provides nonclinical and analytical drug discovery and development services for pharmaceutical and biotechnology companies. The company works on areas like toxicology, pathology, bioanalysis, and preclinical testing, helping firms bring new drugs and therapies to market.
It’s also involved in life sciences research products and services, including animal models used in research.
On August 8, 2025, the company discovered a security breach that impacted certain of its systems and data. A threat actor gained unauthorized access and encrypted some of the company’s systems. The pharmaceutical firm launched an investigation with the help of external cybersecurity experts and notified law enforcement.
The incident disrupted company’s operations, limiting access to data and applications. The firm is restoring systems and using offline alternatives, with no set timeline for full recovery.
“On August 8, 2025, Inotiv, Inc. (the “Company”) became aware of a cybersecurity incident affecting certain of its systems and data. The Company’s preliminary investigation determined that a threat actor gained unauthorized access to, and encrypted certain of, the Company’s systems. Upon identifying encrypted systems, the Company took steps to contain, assess, and remediate the cybersecurity incident, including initiating an investigation, engaging external cybersecurity specialists, and restricting access to certain of its systems. The Company has also notified law enforcement.
The cybersecurity incident has caused, and is expected to continue to cause, disruptions to certain business operations of the Company. The incident has temporarily impacted the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications.” reads the FORM 8-K report filed with SEC. “The Company is currently working to bring the impacted portions of its systems back online. In addition, and at the same time, the Company initiated its business continuity strategy and has transitioned certain operations to offline alternatives with the aim of reducing disruption to its business. While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.”
Inotiv’s investigation is ongoing, and the full scope, including potential operational and financial impacts, is not yet known, so material effects remain undetermined.
While the company did not reveal the name of the group that targeted its infrastructure, the Qilin ransomware group claimed responsibility for the attack.
The group has allegedly stolen around 176GB of data (161967 files), they also published some images of stolen documents on their Tor data leak site.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
