Ransomware Hits Indian Pharma Giant KLab: 126.5 GB Data at Risk

Incident Date: August 2, 2024

Overview

Victim: Khandelwal Laboratories Pvt

Attacker: Hunters International

Location: Mumbai, India

First Reported: August 2, 2024

Ransomware Attack on Khandelwal Laboratories Pvt. Ltd. by Hunters International

Khandelwal Laboratories Pvt. Ltd. (KLab), a prominent Indian pharmaceutical company, has fallen victim to a ransomware attack orchestrated by the Hunters International group. The cybercriminals claim to have exfiltrated 126.5 GB of sensitive data and have threatened to publish it within the next 2 to 3 days if their demands are not met.

About Khandelwal Laboratories Pvt. Ltd.

Established in 1945 and headquartered in Mumbai, KLab is a privately owned pharmaceutical company specializing in research and development, manufacturing, distribution, marketing, and licensing of patented pharmaceutical formulations, novel drug delivery systems (NDDS), and niche active pharmaceutical ingredients (APIs). The company operates three WHO-GMP approved manufacturing facilities located in Thane, Rudrapur, and Dadra, focusing on oncology, antibiotics, and pain and spasm management. With over 1,000 employees, KLab is a key player in the Indian pharmaceutical market, known for its pioneering work in oncology products.

Attack Overview

The ransomware group Hunters International has claimed responsibility for the attack on KLab via their dark web leak site. The group asserts that they have infiltrated the company's systems and exfiltrated a substantial amount of sensitive data. The threat to publish this data poses significant risks to KLab's confidential information and operations.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Potential Vulnerabilities

KLab's extensive operations and significant role in the pharmaceutical industry make it an attractive target for ransomware groups. The company's reliance on digital systems for research, development, and manufacturing processes could have provided multiple entry points for the attackers. Additionally, the sensitive nature of the data handled by KLab, including proprietary formulations and patient information, increases the potential impact of such an attack.

Penetration Methods

While the exact method of penetration used by Hunters International in this attack is not yet confirmed, the group's tactics often involve phishing emails, exploiting unpatched vulnerabilities, and leveraging stolen credentials. The technical overlap with Hive ransomware suggests that Hunters International may have used similar encryption methods and operational strategies to infiltrate KLab's systems.
