Ransomware Hits Indian Pharma Giant KLab: 126.5 GB Data at Risk

Incident Date: Aug 02, 2024

Attack Overview
Victim: Khandelwal Laboratories Pvt
Industry: Healthcare Services
Location: India
Attacker: Hunters International
First Reported: August 2, 2024

Ransomware Attack on Khandelwal Laboratories Pvt. Ltd. by Hunters International

Khandelwal Laboratories Pvt. Ltd. (KLab), a prominent Indian pharmaceutical company, has fallen victim to a ransomware attack orchestrated by the Hunters International group. The cybercriminals claim to have exfiltrated 126.5 GB of sensitive data and have threatened to publish it within the next 2 to 3 days if their demands are not met.

About Khandelwal Laboratories Pvt. Ltd.

Established in 1945 and headquartered in Mumbai, KLab is a privately owned pharmaceutical company specializing in research and development, manufacturing, distribution, marketing, and licensing of patented pharmaceutical formulations, novel drug delivery systems (NDDS), and niche active pharmaceutical ingredients (APIs). The company operates three WHO-GMP approved manufacturing facilities located in Thane, Rudrapur, and Dadra, focusing on oncology, antibiotics, and pain and spasm management. With over 1,000 employees, KLab is a key player in the Indian pharmaceutical market, known for its pioneering work in oncology products.

Attack Overview

The ransomware group Hunters International has claimed responsibility for the attack on KLab via their dark web leak site. The group asserts that they have infiltrated the company's systems and exfiltrated a substantial amount of sensitive data. The threat to publish this data poses significant risks to KLab's confidential information and operations.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Potential Vulnerabilities

KLab's extensive operations and significant role in the pharmaceutical industry make it an attractive target for ransomware groups. The company's reliance on digital systems for research, development, and manufacturing processes could have provided multiple entry points for the attackers. Additionally, the sensitive nature of the data handled by KLab, including proprietary formulations and patient information, increases the potential impact of such an attack.

Penetration Methods

While the exact method of penetration used by Hunters International in this attack is not yet confirmed, the group's tactics often involve phishing emails, exploiting unpatched vulnerabilities, and leveraging stolen credentials. The technical overlap with Hive ransomware suggests that Hunters International may have used similar encryption methods and operational strategies to infiltrate KLab's systems.
