French pharmaceutical and cosmetics company Pierre Fabre has been hit with a REvil ransomware attack, with hackers demanding $25 million ransom from the manufacturer.

Last week, Pierre Fabre revealed it was the target of a cyberattack that the company brought under control in less than 24 hours. The incident took place on March 31. After learning about the cyberattack the company immediately put its IT system put into standby mode to prevent the infection from spreading. This led to the “temporary stoppage of most production activities (except for the production facility in Gaillac (in the Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products).”

In its announcement the company did not mention what kind of malware was used in the attack, however, according to Bleeping Computer, Pierre Fabre appears to be the victim of the REvil (Sodinokibi) ransomware operation.

According to the REvil’s Tor payment page, the group initially demanded $25 million ransom from the company, though the ransom had since been doubled to $50 million as Pierre Fabre had not contacted the attackers and the time limit expired.

The payment page does not indicate who the victim is, however, it contains a link to a currently hidden REvil data leak page for Pierre Fabre, which contains images of allegedly stolen passports, a company contact list, government identification cards, and immigration documents, according to Bleeping Computer.

In January 2021, massive pan-Asian retail chain operator Dairy Farm Group that operates numerous brands in the Asia market, was reportedly hit by the REvil ransomware operation, with attackers demanding $30 in ransom. Most recently, the gang attacked the world-leading French electronics manufacturing services (EMS) company Asteelflash. The company managed to contain the attack and said it has no evidence any data was stolen.