BlackCat (also known as ALPHV, both named after the ransomware of the same name) said they’ve encrypted Henry Schein’s systems after failed negotiations with Coveware, which describes itself as “ransomware recovery first responders.”

The cyber gang said they’ve stolen 35 TB of “sensitive data,” including “internal payroll data and shareholder folders.”

Henry Schein disclosed a cyber security incident on October 15 and has offered few details.

The latest update came in a Securities and Exchange Filing this week asking for more time to file its quarterly report for the three months ended Sept. 30. The company said it wouldn’t be able to file on time “due to information access limitations arising from the company’s decision to shut down certain operations as a precautionary measure as a result of the cybersecurity incident.”

The BlackCat/ALPHV group reportedly added Henry Schein to its dark web leak site last month. This week, the group threatened to post data as soon as today and said it has already cost Henry Schein $150 million.