Roche confirms cyber-attack from Winnti malware

The pharmaceutical company Roche has affirmed that it was hit by a Winnti cyber-attack, thought to be supported by the Chinese government.

Roche has confirmed that it experienced a cyber-attack, after being named in a German public radio report. The cyber-attack used malware known as Winnti and, according to experts, the hackers are tied to the Chinese government. Bayer was also targeted by Winnti attacks last year.

The company has stated that no sensitive information has been lost.

“Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated,” a company spokesperson said. “Roche hasn’t lost any sensitive personal data of our employees, patients, customers or business partners.”

The company has said that it works with authorities in the US, Europe and Switzerland to combat cyber-security threats. It also shares information with other companies about ‘ongoing threats’.

Bayer has confirmed that there was no evidence sensitive data had been tapped in its attack earlier this year.

In 2017, Merck & Co has its active pharmaceutical ingredients (API) production and some R&D systems seriously disrupted by the NotPetya attack, highlighting the need for cyber-security for pharmaceutical companies.

A range of other German companies were also affected by the attack.