Published on June 24, 2026
Bajaj Auto Discloses Ransomware Cyberattack Impacting Company and Technology Unit
Severity
Medium
Detail
Indian automotive manufacturer Bajaj Auto has disclosed a ransomware incident affecting both its core corporate IT systems and its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL). The company confirmed that the attack was detected around 8:00 AM IST on June 23, 2026, and was formally reported through a regulatory filing on June 24.
Upon detection, Bajaj Auto activated its incident response plan and engaged internal cybersecurity teams along with external experts and senior management to contain the attack. The company stated that immediate mitigation measures were implemented to limit spread across interconnected systems spanning both the parent organization and BATL, which supports digital engineering and technology-driven operations.
While the company has confirmed the incident and containment efforts, it has not disclosed key technical details such as the ransomware variant, initial access method, extent of encryption, or whether any data exfiltration occurred. The investigation is ongoing, and the full operational and security impact has yet to be determined.
How?
The ransomware intrusion reportedly affected interconnected IT environments within Bajaj Auto and its technology subsidiary, suggesting lateral movement across shared enterprise infrastructure. Once detected, the organization activated containment protocols, which typically include isolating affected systems, restricting network access, resetting credentials, and engaging forensic teams to assess the scope of compromise.
Although the exact intrusion path remains undisclosed, such incidents in manufacturing environments are commonly associated with compromised credentials, phishing campaigns, exposed remote access services, or exploitation of unpatched systems. In many modern ransomware operations, attackers attempt to move laterally across corporate and engineering networks to maximize disruption and potential leverage for extortion. At this stage, it remains unclear whether the attackers relied on encryption alone or also stole data for double-extortion purposes.
Recommendation
Organizations should prioritize rapid identification and isolation of affected systems during ransomware incidents to prevent lateral spread across enterprise and subsidiary environments. Strong segmentation between corporate IT, engineering, and operational systems is critical, particularly in manufacturing sectors where interconnected networks increase the blast radius.
Security teams should enforce multi-factor authentication across all remote access points, continuously monitor privileged account activity, and ensure that endpoint detection and response (EDR) tools are fully deployed and actively monitored. Regular patching of internet-facing systems and timely remediation of vulnerabilities remain essential to reduce initial access risks.
In addition, organizations should maintain immutable and offline backups, routinely test recovery procedures, and establish clear incident response workflows that include coordination with external cybersecurity experts and regulatory bodies. Continuous monitoring for unusual encryption activity, privilege escalation, and abnormal lateral movement can help detect ransomware behavior early, before widespread disruption occurs.
Source
https://gbhackers.com/bajaj-auto-discloses-ransomware-cyberattack/
https://cybersecuritynews.com/bajaj-ransomware-attack/
https://cyberpress.org/bajaj-auto-confirms-ransomware-incident/
