Home IT News A Cyber Attack Paralyzes Production Of Pierre Fabre

A Cyber Attack Paralyzes Production Of Pierre Fabre


The pharmaceutical group confirms that it was the victim of a cyber attack on the night of March 30 to 31. The impact of the attack is not yet clear, but some production sites are shut down.
Bad surprise for the Pierre Fabre group: the management of the pharmaceutical and cosmetics group confirmed with AFP the information from France Bleu Occitanie, which announced yesterday that the company had been the victim of a computer attack that paralyzed several production sites. According to France Bleu, the attack took place on the night of March 30 to 31, at 4 a.m.
Several union sources relayed by AFP and the Dépêche du Midi confirm that employees have been sent home pending new information. The group's communications director evokes "an IT problem which led us to suspend part of our production activities" but ensures that the distribution of products is not affected. Several sources nevertheless maintain that all of the group's production sites are shut down and that the sites responsible for distribution are also affected, the management having imposed on its employees at the Muret distribution center to take one day compulsory leave on the 1st April, due to the "computer incident". The group has a total of fifty sites around the world, including fifteen based in France.
The management indicates for its part that only "part" of its production activities is affected, without giving more details on the extent of the incident. Technical teams are working to restore production, pending further details on the nature of the attack and the impact of this "IT problem" on the operation of the business.

Crisis communication

It's hard not to think of a ransomware attack, given the timeline and the impact of the incident on the production line. The group's communication remains very cautious, and only mentions a "computer problem", without mentioning a ransom demand or computer attack.
So far, no known ransomware group has publicly claimed responsibility for the attack, but it is still a bit early: Ransomware groups usually leave a period of a few days after the malware is triggered to open negotiations with the victim on the payment of the ransom. The claim and the possible publication of the data stolen during the attack only intervene in a second step, in order to increase the pressure on the victims and push them to give in.
Since 2014, the group's IT system has been in the hands of a consortium made up of Thalès and Consort NT , which won the group's call for tenders for outsourcing. La Dépêche announced in 2018 that this contract had been extended for two years, until 2021. The management of the incident is therefore likely to weigh in the balance for the consortium of service providers, if they hope to keep their customers.