Pharmaceutical giant Novo Nordisk has allegedly refused to pay $US25 million to a ransom gang that claims to have stolen more than a terabyte of sensitive data.

In a 3,500-word message on the dark web, ransom gang FulcrumSec said it was able to move laterally across several of Novo’s cloud environments – including in GitHub and Amazon Web Services – over a period of more than two months.

While roosted in Novo’s systems, the hackers claimed to have stolen company source code, drug formulas, data related to clinical trials, and hundreds of thousands of employee, doctor and patient data records.

The group said it had also exfiltrated AI models trained and developed by Novo, as well as detailed information about the company’s industrial facilities, and commercial intelligence about controversial weight-management drug Ozempic.

“It remains astonishing to us, even now that we have seen this pattern again and again, that a $400 billion corporation with a dedicated cybersecurity division cannot be bothered to monitor their frontend bundles,” the hackers wrote.

On Tuesday, FulcrumSec published 264GB of the allegedly compromised data to its dark web blog.

Novo confirms incident

Novo confirmed on 11 June, prior to FulcrumSec’s leak, that it had “identified an IT security incident involving unauthorised access to a limited number of internal IT systems”.

Impacted healthcare professionals were at the time warned their names, office locations, registration numbers, email, phone number and WhatsApp details may have been exposed.

“Upon learning of the incident, we launched an investigation with the assistance of external cybersecurity experts, and we are in contact with the relevant authorities,” said the Denmark-based pharmaceutical giant.

On Wednesday, a company spokesperson confirmed Novo was “aware of claims that data allegedly copied externally without authorisation from our systems has been published online.”

“We take this matter seriously and maintain continued operations of our main platforms,” a spokesperson told Information Age.

“Protecting the security and integrity of our systems and delivering reliable products and support to patients remain our highest priorities.”

From AI models to drug recipes

Among the allegedly stolen data was “33 trained models and 75 datasets” from Novo’s accounts on open-source AI platform HuggingFace.

These AI assets made up the bulk of the alleged data theft, accounting for 1.06TB of the 1.3TB total stolen.

On FulcrumSec’s dark web blog, users have the option to download Novo’s allegedly stolen data. (Source: FulcrumSec’s dark web blog.)

FulcrumSec said it had released three of the stolen models as samples: a chemical language model, a cell imaging foundation model, and a “chemical-peptide multi-task representation” model which was purpose-built for Novo’s internal data.

“To be frank, 99% of what these models are capable of is over our heads,” the hackers wrote.

“It will be some time before we are able to consult enough experts in the field to fully understand how powerful they are and how much competitors would love these weights to be in their hands.”

FulcrumSec also claimed to have acquired “recipe” details for numerous Novo medications, including Ozempic and experimental obesity drug amycretin.

Novo refused to pay $US25m ransom, claims FulcrumSec

FulcrumSec said it was first detected by Novo’s security team roughly two weeks after it gained access to the company’s GitHub accounts, and three weeks after it infiltrated a Microsoft Azure environment.

The hackers further claimed to have gone unnoticed across HuggingFace and identity access management platform Okta, right up until they contacted Novo directly.

“Novo replied to our outreach and engaged with us for several weeks…. until they publicly disclosed the breach on Thursday, 11 June, at which point they went dark,” FulcrumSec claimed.

After demanding $35.4 million ($US25 million), FulcrumSec said it was intentionally stalled while Novo prepared to publicly disclose the incident.

On condition of receiving a final response from the company, FulcrumSec supposedly offered to refrain from leaking personally identifiable information (PII) related to 46,843 “Danish physicians”, 2,852 “clinical trial personnel”, and 506,007 investigators at clinical research company IQVIA.

Novo allegedly replied that it would not be paying a ransom, which led FulcrumSec to dump 264GB of purportedly stolen data onto the dark web.

The ransom group said the data dump did not include the PII it had agreed not to publish, nor did it include most of the AI-related data.

The ransom gang said it had also acquired – and opted not to release – data related to certain software and machinery at Novo facilities.

“We do not want to be responsible for publishing data that could endanger manufacturing operations or patient safety,” said FulcrumSec.

On Wednesday, DataBreaches.net reported that Novo concurrently received a $US50 million ransom demand for a separate, smaller data breach against the company.

FulcrumSec said that incident was unrelated to its own, while Novo has reportedly chosen not to pay either ransom.