U.S.-based biopharmaceutical company Supernus Pharmaceuticals has fallen victim to a ransomware attack that resulted in a large amount of data being stolen from the company's network.

Supernus Pharmaceuticals is a biopharmaceutical company focused on developing and commercializing products for the treatment of central nervous system (CNS) diseases.

The incident took place in mid-November 2021 when a ransomware gang encrypted certain files on Supernus Pharmaceuticals’s systems and deployed malware to block access to the systems. The attackers then threatened to publish stolen data if the company does not pay the ransom.

Despite this, Supernus Pharmaceuticals said that the attack had no significant impact on the business and did not cause any serious disruption to its operations.

“Upon detection of the ransomware, the Company notified government authorities, engaged cybersecurity experts and its outside law firm, and commenced its recovery process. The Company successfully recovered the impacted files and has taken additional steps designed to further protect its networks and files,” Supernus said in a press release disclosing the incident.

“To date, the Company has not paid any ransom and has been able to restore all of the information encrypted by the criminal ransomware group.”

“Although to date the Company’s business and operations have not been significantly impacted by the incident, there is no assurance that further attacks may not significantly impact the Company’s business or operations and that information improperly obtained by the criminal ransomware group may not be exploited by the criminal ransomware group or other third parties. The Company will take appropriate action to protect any stolen confidential information and will continue to investigate the incident and monitor the situation going forward,” Supernus added.

While Supernus did not reveal what ransomware was involved in the attack, last week, operators of the Hive ransomware announced on their leaks website on that they compromised Supernus Pharmaceuticals’ network on November 14, and stole 1.5 TB of data. The group said that the stolen data will be released online soon.

The hackers also said that despite Supernus’ claims that it does not intend to pay the ransom, the company has been negotiating with them ever since the attack occurred.