West Pharmaceutical Services Hit by Ransomware, Systems Taken Offline Globally

West Pharmaceutical Services, a Pennsylvania-based pharmaceutical manufacturing giant, has confirmed a ransomware attack that disrupted operations across its global footprint after attackers exfiltrated data and deployed file-encrypting ransomware.

The attack occurred on May 4 and prompted the company to proactively shut down and isolate affected on-premise infrastructure. In an SEC filing on Monday, West Pharmaceutical Services said the containment measures disrupted business operations globally. The company restricted access to enterprise systems and activated crisis management protocols.

West Pharmaceutical Services retained Palo Alto Networks' Unit 42 for incident response, containment, and investigation, and has notified law enforcement.

The company says core enterprise systems have been restored and critical shipping, receiving, and manufacturing processes have restarted at some sites, though a full restoration timeline has not been finalized.

According to the SEC filing, the attackers exfiltrated data before deploying ransomware. The company said it "has taken steps intended to mitigate the risk of dissemination of the exfiltrated data" — language that strongly suggests ransom negotiations or payment took place. No ransomware group has publicly claimed the attack, further supporting that possibility.

West Pharmaceutical Services has not disclosed what type of data was stolen, whether personal information was involved, or how many individuals may be affected. The company also said it has not yet determined whether the incident will have a material impact on its financial condition.

Founded in 1923, West Pharmaceutical Services is a major supplier of injectable drug delivery systems and components used across the global pharmaceutical and biotech industries.

Bottom Line

Organizations in pharmaceutical supply chains should treat this as a signal to review their own ransomware preparedness. The attack followed a classic double-extortion pattern — exfiltration followed by encryption — and the global operational shutdown underscores how quickly ransomware can cascade through manufacturing environments. Security teams should ensure network segmentation between IT and OT systems, validate backup integrity, and confirm that incident response plans account for multi-site operational disruption.
