LockBit, a Russia-linked ransomware group, has admitted to attacking Granules India, a major Indian pharmaceutical company, and has released some of the stolen data.
According to a listing seen by TechCrunch, Granules India was recently added to LockBit’s dark web leak site as a victim of their ransomware attack.
Although Granules India has not confirmed the attack, they did disclose a cybersecurity incident to Indian stock exchanges last month. They stated that the affected IT assets were isolated and that they were actively investigating and addressing the situation.
Granules India did not respond to requests for comment, and TechCrunch informed the Indian Computer Emergency Response Team (CERT-In) about the incident prior to publishing the article.
Established in 1984, Granules India is one of the largest pharmaceutical manufacturers in India. They produce common off-patent drugs and have over 300 customers in more than 80 countries.
In the last quarter, Granules India reported a 7.8% increase in profit. However, their shares closed slightly lower on Thursday.
LockBit has become one of the most widespread ransomware variants globally since 2022, according to a joint advisory by the U.S. Federal cybersecurity agency CISA and international counterparts. The group was first observed on Russian cybercrime forums in January 2020.
LockBit has recently targeted various well-known tech companies, including Accenture, Foxconn, Advanced, Royal Mail, and others. They have also targeted government entities such as the California finance department and the Los Angeles housing authority.
According to the joint advisory, LockBit has extorted approximately $91 million in ransoms through around 1,700 attacks on U.S. victims since 2020.