bianlian attacks Aarti Drugs Ltd
Incident Date:
October 4, 2022
Overview
Title
bianlian attacks Aarti Drugs Ltd
Victim
Aarti Drugs Ltd
Attacker
Bianlian
Location
First Reported
October 4, 2022
Ransomware Attack on Aarti Drugs Ltd.
Company Overview
Aarti Drugs Ltd., established in 1984, is a key player in the pharmaceutical manufacturing sector, focusing on Active Pharmaceutical Ingredients (APIs), Pharma Intermediates, Specialty Chemicals, and Formulations through its subsidiary, Pinnacle Life Science Private Limited. The company boasts 13 manufacturing facilities and a global presence in over 100 countries, generating revenue of slightly over ₹620 crore.
Vulnerabilities and Impact
In September 2022, Aarti Drugs Ltd. fell victim to a ransomware attack orchestrated by the BianLian ransomware group, which subsequently claimed responsibility and leaked confidential information on a dark web forum. The attack compromised a significant amount of business and administration data, including loan documents and tax filings. The attackers demanded a ransom of 20 BTC (approximately ₹15.8 lakh) for the decryption key. Despite this, around 6 GB of data was sold on the group's dark web site, encompassing financial scans, HR data, insurance details, workflow data, research data, and personal documents of employees.
Response and Mitigation
This incident underscores the critical need for enhanced cybersecurity measures within the pharmaceutical sector, especially against the backdrop of an uptick in ransomware attacks. It is imperative for companies to bolster their cyber resilience and invest in sophisticated infrastructure to safeguard against such threats.
Sources
- Aarti Drugs Ltd. Website
- "After Ipca Laboratories, pharma major Aarti Drugs hit by ransomware attack; data leaked on dark web" by CISO, Economic Times India
- "Ransomware Attack On Pharma Company Aarti Drugs" by The420.in
- "Aarti Drugs Ltd. and Ipca Laboratories Limited were hit by ransomware attacks on Sept. 9th and Sept. 10th respectively" by iValue Infosolutions Pvt. Ltd.
- "Ransomware Attacks: The State Of Play As Indian Firms Mount Defense" by Scrip
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.