Tuesday, 16 May 2023 13:28

Money Message Ransomware Group Hits PharMerica and Steals 5.8 million Patient Records


The same ransomware gang that recently hit MSI also appears to have hit pharmacy services provider PharMerica and stolen information on 5.8 million patients. The data exfiltrated in the attack includes Social Security numbers, full names and addresses, health insurance information, medications, and dates of birth. PharMerica disclosed the breach to the Maine Attorney General on March 12th, 2023.

The attack was identified on the 14th of March and finished on the 21st of March, when the data theft was discovered. Affected individuals were not notified until May 12th. As is common, PharMerica is offering identity protection services to anyone whose information was part of the stolen data. Money Message claimed the attack on the 28th by publishing some of the stolen data (as in the MSI breach). PharMerica had not publicly disclosed the type of attack that resulted in the data loss, but it now appears that it may have been ransomware related.

Money Message, in addition to MSI, has also claimed to have data from BrightSpring, which merged with PharMerica in 2019. The 4.7 TB of data that Money Message stole was published in its entirety at the beginning of April, when the data disclosure clock ran out. According to some reports the data is still available for download, while someone else has made it available on a hacking forum in smaller chunks that are easier to download.

Once again, ransomware is going to be a big thing in 2023 and into 2024, and threat groups are working on new methods for deploying their wares. The leak of the Babuk source code and increased revenue sharing from Ransomware as a Service groups will put this at the forefront very quickly. There are ways to protect against it and ways to recover from it. The challenge is to stop it before it can even start, as recovery tools are no longer effective against data disclosure threats. Even if a company refuses to pay for the stolen data, it just means that others are at risk and the data can be used for follow-on attacks. It is almost a no-win situation to some extent. For now, increased training, modern MDR/XDR, and network tools that monitor for data exfiltration are the best bet to head off this threat.

Last modified on Tuesday, 16 May 2023 13:29
