West Pharmaceutical Services suffered a ransomware attack on May 4, 2026, where attackers exfiltrated data before deploying ransomware, prompting the company to proactively shut down and isolate its on-premise infrastructure. The company engaged Unit 42 for incident response, and while core systems have been restored, a full recovery timeline and the extent of data compromise are still under investigation. The specific ransomware group and attack vector were not identified in the report.
Ransomware West Pharmaceutical Services hit by ransomware attack May 13, 2026 Share By SC Staff Per Security Week, Pennsylvania-based West Pharmaceutical Services is working to recover from a ransomware attack that occurred on May 4, impacting its global operations and leading to a proactive shutdown of affected systems. The pharmaceutical packaging and delivery systems manufacturer experienced a ransomware attack on May 4, prompting the company to proactively shut down and isolate its on-premise infrastructure. This containment measure disrupted business operations worldwide. West Pharmaceutical Services engaged Palo Alto Networks' Unit 42 for incident response and system restoration. While core enterprise systems have been restored and some critical processes have restarted, a complete restoration timeline is not yet finalized. The attackers reportedly exfiltrated data before deploying ransomware, and the company is investigating the extent of the compromised data. Although the specific ransomware group has not been identified, West Pharmaceutical Services has taken steps to mitigate the risk of data dissemination. The company has not yet determined if the attack will have a material financial impact. Source: Security Week An In-Depth Guide to Ransomware Get essential knowledge and practical strategies to protect your organization from ransomware attacks. Learn More SC Staff Related Phishing Signal enhances security with new features to combat phishing attacks SC Staff May 13, 2026 The messaging app is implementing several new features to protect users from scams, particularly those impersonating Signal Support. Breach Škoda Auto discloses data breach after online shop hack SC Staff May 13, 2026 Attackers exploited an unspecified vulnerability in the software of Škoda's e-commerce portal to gain unauthorized access. Phishing Frame Security launches with $50 million to combat AI-driven social engineering SC Staff May 12, 2026 Frame Security's platform leverages AI to create realistic attack simulations and provide tailored, on-the-spot guidance to employees. Related Events Cybercast Ransomware reloaded: Finding resilience when attackers wield AI On-Demand Event Virtual Conference Ransomware Resilience: Strategies to Defend, Mitigate, and Recover On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds