A Florida Pharma Company Got Hacked for 14 Days Before Anyone Noticed
…and they had zero security monitoring to catch it.
In September 2025, a Florida pharmaceutical company got hit with ransomware.
The scary part? Hackers were inside their network for 14 days before anyone realized something was wrong. Fourteen days of mapping systems, planting tools, and preparing for the attack. And the company had no cybersecurity monitoring to detect any of it (not even basic alerts).
The attackers? A ransomware group called Akira. The entry point? A VPN with no multi-factor authentication.

The Timeline
Day 1: Hackers gained VPN access using stolen credentials. No alerts. No detection. Just quiet entry.
Days 1-13: Attackers moved through the network undetected. They installed remote access tools (RustDesk and AnyDesk), accessed devices, and mapped out valuable data. The company had no cybersecurity monitoring (because they didn’t think they needed it).
Day 14: The attack went live, with network reconnaissance, lateral movement, data exfiltration attempts, and disk-level encryption. By the time the company detected something, it was way too late.
The Tools They Used
The attackers used legitimate tools IT departments use every day: RustDesk, AnyDesk, and Advanced IP Scanner.
That’s what makes modern ransomware so dangerous. These tools don’t trigger alarms because they’re not technically malware (they’re just normal IT tools being used maliciously). Without proper monitoring, they look like legitimate IT activity…and the hackers blend right in.
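An added example (not part of the original write-up): a minimal allowlist check over process-creation events that flags RustDesk, AnyDesk, or Advanced IP Scanner running on any host where IT has not approved it. The log format, host names, allowlist, and the assumption that the executables keep recognizable file names are all constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Tools named in the incident, matched as substrings of the lowercased file name.
# Name matching is an assumption here: a renamed binary needs hash or signer checks.
WATCHLIST = {
    "anydesk": "AnyDesk",
    "rustdesk": "RustDesk",
    "advanced_ip_scanner": "Advanced IP Scanner",
}

APPROVED = {("HELPDESK-01", "AnyDesk")}  # hypothetical (host, tool) pairs IT approved

# Constructed sample of process-creation events: time,host,user,image path.
SAMPLE_EVENTS = """\
2025-09-01T08:14:00,HELPDESK-01,it.admin,C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe
2025-09-01T23:41:00,FILESRV-02,svc_backup,C:\\Users\\Public\\rustdesk.exe
2025-09-02T00:05:00,FILESRV-02,svc_backup,C:\\Users\\Public\\Advanced_IP_Scanner.exe
2025-09-03T02:10:00,FILESRV-02,svc_backup,C:\\Users\\Public\\rustdesk.exe
2025-09-03T09:30:00,WS-114,jdoe,C:\\Windows\\System32\\notepad.exe
"""


def classify(image_path):
    """Return the watchlisted tool name for an executable path, or None."""
    exe = image_path.replace("\\", "/").rsplit("/", 1)[-1].lower().replace(" ", "_")
    for needle, tool in WATCHLIST.items():
        if needle in exe:
            return tool
    return None


def unapproved_tools(log_text, approved=APPROVED):
    """Return one alert per unapproved (host, tool), keyed to its first sighting."""
    first_seen = {}
    for ts, host, user, image in csv.reader(io.StringIO(log_text)):
        tool = classify(image)
        if tool is None or (host, tool) in approved:
            continue
        key, seen = (host, tool), datetime.fromisoformat(ts)
        if key not in first_seen or seen < first_seen[key][0]:
            first_seen[key] = (seen, user)
    return sorted((t, h, tool, u) for (h, tool), (t, u) in first_seen.items())


if __name__ == "__main__":
    for when, host, tool, user in unapproved_tools(SAMPLE_EVENTS):
        print(f"ALERT {when.isoformat()} {host}: unapproved {tool} run by {user}")
```

Reporting the first sighting per host and tool gives responders the start of the dwell window rather than a stream of repeat alerts.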
Who Is Akira?
The Akira ransomware group specializes in targeting healthcare and pharmaceutical companies. Their playbook: double extortion (encrypt and steal data, then demand payment or they publish everything).
This Florida company wasn’t a random target. September 2025 saw a coordinated Akira campaign exploiting SonicWall SSL VPN vulnerabilities across multiple organizations (healthcare was hit particularly hard).
What Went Wrong
- No VPN Security: No multi-factor authentication. Stolen credentials were enough to get in.
- No Monitoring: No EDR. No alerts. No visibility for 14 days.
- No Detection: Nothing triggered alerts because there was no system watching (like driving with your eyes closed).
The Data Question
The official report claims data exfiltration was “blocked.”
But here’s the problem: hackers had unrestricted access for 14 days using remote access tools. It’s nearly impossible to prove data wasn’t copied during that time (and double extortion only works if they got the data).
Is Your Business Making the Same Mistakes?
Ask yourself:
- Does your VPN require multi-factor authentication?
- Do you have EDR monitoring 24/7?
- Would you know within hours if someone installed remote access software?
If you answered “no” or “I don’t know,” you have the same vulnerabilities this pharmaceutical company had. This attack was preventable and the tools existed to stop it, but the company just didn’t have them deployed. Don’t wait for a ransomware attack to find out where your security gaps are.
Is your VPN secure? Do you have monitoring in place?
GiaSpace helps Florida businesses implement the cybersecurity monitoring, VPN security, MFA, and EDR that could have prevented this attack.
Published: Nov 25, 2025