On August 8, 2025, US pharmaceutical research organization Inotiv discovered it had fallen prey to a devastating ransomware attack by Qilin, a cybercriminal, Ransomware-as-a-Service (RaaS) operation that is now one of the most feared cyberthreats. Qilin not only launched its attack on Inotiv but also posted stolen data from the attack on its dark web leak site. Qilin is thought to have exfiltrated around 17 GB of sensitive data, including financial records, research contacts, and employee information. The organization also encrypted many of Inotiv’s key systems, severely disrupting its operations. Such was the impact on Inotiv that the pharmaceutical research giant was forced to take affected systems offline and undertake various aspects of its work manually. It comes at a difficult time for Inotiv, as the organization is already under regulatory scrutiny following a $35 million animal cruelty fine imposed in 2024 related to its subsidiaries. The incident raises the need for greater proactivity when it comes to keeping organizations’ data safe.
The Rise of Qilin
Qilin has been offering its RaaS services since 2021. Since its inception, it has targeted a wide array of organizations, including media, hospitals, and manufacturing companies. Its recent attacks have relied on aggressive extortion methods like Distributed Denial-of-Service (DDoS) accompaniments, which are used alongside other tactics to achieve greater destruction. Qilin has relied on distraction, for instance, to occupy IT and security staff so that attackers can deploy ransomware, encrypt files, and exfiltrate sensitive data without being discovered. Next, Qilin leverages extortion, threatening to continue or intensify attacks until a ransom is paid. DDoS attacks are also being used to disrupt online operations, especially during peak business times such as product launches and the holiday shopping season.
The Impact on Operations
Qilin’s ransom attacks have major economic and reputational consequences for victims. The average ransomware payment for 2024 was USD 2.73 million, and the largest confirmed payment was USD 75 million by Cencora, a top-10 Fortune 500 pharmaceutical distributor, to the Dark Angels ransomware group.
Attacks can also severely disrupt operations. The average downtime from ransomware attacks spans several weeks. Inotiv has failed to provide a timeline for a full restoration of its affected systems, meaning it has been dealing with the impact of the threat for years.
Akira and Medusa
Other big players on the ransomware scene include Akira and Medusa, both of which have been highly active this year. Akira has targeted organizations from numerous industries, including manufacturing, education, and finance, and is known for its ability to exploit vulnerabilities in remote access solutions, such as Cisco VPNs. Akira often employs the tactic of double extortion. Its ransomware boasts variants for Windows and Linux alike, increasing its reach. Medusa, meanwhile, is known for its aggressiveness. Like Qilin, it operates a RaaS model, employing social media and channels like Telegram to pressure and embarrass victims who are unwilling or unable to pay. Medusa has already owned up to attacking hundreds of victims in sectors such as education, healthcare, and government.
Embracing Advanced Protections
Companies can protect themselves against ransomware attacks via multiple strategies, including regular backups, endpoint protection, network segmentation, and patch management. They should additionally engage in behavioral monitoring (looking out for unusual file access patterns), test suspicious files, and embrace “application whitelisting,” which only allows approved programs to execute. Network intrusion detection, multi-factor authentication, e-mail security, and a comprehensive incident response plan can also help to prepare teams to isolate infected systems immediately.
Qilin, Akira, and Medusa are all employing sophisticated tactics to threaten organizations’ security. Qilin, for instance, recently launched a massive attack on Inotiv, infiltrating a large amount of sensitive data. Organizations need to stay one step ahead by embracing a multi-pronged strategy; one that includes frequent backups, network segmentation, and smart incident response.