LockBit claims ransomware attack on pharma giant Granules India

The Russia-linked ransomware group LockBit has claimed responsibility for a cyberattack on Indian pharmaceutical giant Granules India, and published portions of the data it allegedly stole.

LockBit’s dark web leak site listed Granules India as one of its latest victims on Wednesday, according to a listing seen by TechCrunch.

Granules India has yet to confirm the ransomware attack. However, the company last month disclosed to Indian stock exchanges a cybersecurity incident. At the time, it stated that the affected IT assets were isolated.

“The company is investigating the matter with utmost priority. The appropriate containment and remediation actions are being taken in a controlled manner to address the incident,” the company had said in its stock exchange filing (PDF) on May 25.

Granules India did not respond to a request for comment. TechCrunch also informed the Indian Computer Emergency Response Team (CERT-In) about the incident prior to publication.

Founded in 1984, Granules India is one of the largest Indian pharmaceutical manufacturers in India. The Hyderabad-based company produces many common off-patent drugs, such as paracetamol, ibuprofen and metformin. The company also has more than 300 customers in over 80 countries around the world, per the details available on its website.

Last month, Granules India reported a 7.8% rise in quarterly profit to $14.6 million¬†for the quarter ended March 31. The company’s shares closed slightly lower at $3.50 on Thursday from the previous share price of $3.48.

LockBit emerged as the most deployed ransomware variant worldwide in 2022 and 2023 so far, according to a recently released joint advisory by the U.S. federal cybersecurity agency CISA and its international counterparts in Australia, Canada, France, Germany, New Zealand and the United Kingdom. The ransomware gang was first spotted on Russian language-based cybercrime forums in January 2020.

In the last few months, the ransomware gang claimed attacks on various prominent tech companies, including IT services company Accenture and tech manufacturer Foxconn¬†as well as the U.K. health service vendor Advanced and British postal service Royal Mail. The state of California’s finance department, the Los Angeles housing authority and financial software firm Ion Group are also among the ransomware group’s victims.

LockBit threat actors have extorted approximately $91 million in ransoms through about 1,700 attacks targeting U.S. victims since 2020, the recent advisory U.S. and international joint advisory said.