BianLian attacks Aarti Drugs Ltd

Incident Date: October 4, 2022


Overview

Title: BianLian attacks Aarti Drugs Ltd
Victim: Aarti Drugs Ltd
Attacker: BianLian
Location: Mumbai, India
First Reported: October 4, 2022

Ransomware Attack on Aarti Drugs Ltd.

Company Overview

Aarti Drugs Ltd., established in 1984, is a key player in the pharmaceutical manufacturing sector, focusing on Active Pharmaceutical Ingredients (APIs), Pharma Intermediates, Specialty Chemicals, and Formulations through its subsidiary, Pinnacle Life Science Private Limited. The company boasts 13 manufacturing facilities and a global presence in over 100 countries, generating revenue of slightly over ₹620 crore.

Vulnerabilities and Impact

In September 2022, Aarti Drugs Ltd. fell victim to a ransomware attack orchestrated by the BianLian ransomware group, which subsequently claimed responsibility and leaked confidential information on a dark web forum. The attack compromised a significant amount of business and administration data, including loan documents and tax filings. The attackers demanded a ransom of 20 BTC (approximately ₹15.8 lakh) for the decryption key. Despite this, around 6 GB of data was sold on the group's dark web site, encompassing financial scans, HR data, insurance details, workflow data, research data, and personal documents of employees.

Response and Mitigation

This incident underscores the critical need for enhanced cybersecurity measures within the pharmaceutical sector, especially against the backdrop of an uptick in ransomware attacks. It is imperative for companies to bolster their cyber resilience and invest in sophisticated infrastructure to safeguard against such threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ broad and lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.