Bajaj Auto Discloses Ransomware Attack Affecting Operations

Executive Summary

India's largest automaker by market capitalization, Bajaj Auto, disclosed a ransomware attack on Tuesday that disrupted operations at the company and its technology subsidiary, Bajaj Auto Technology Limited. The company filed a regulatory notice stating it became aware of the incident on the morning of June 24, 2026, and immediately activated containment measures. While Bajaj Auto described its mitigation efforts as "successful," the company has not identified the threat actor, confirmed whether data was exfiltrated, or disclosed any ransom demand.

Technical Analysis

According to a regulatory filing with Indian stock exchanges, Bajaj Auto detected the ransomware incident on Tuesday morning and engaged its internal technical team alongside external cybersecurity experts. The company stated that "precautionary measures" were taken to contain the attack's spread, and initial mitigation efforts have been successful. The filing did not specify which systems were encrypted or whether the ransomware spread to backup infrastructure.

The attack affected both Bajaj Auto's core manufacturing operations and Bajaj Auto Technology Limited, a subsidiary focused on engineering and research. Bajaj Auto is one of India's largest vehicle manufacturers, producing motorcycles, scooters, and commercial vehicles, and is the world's largest manufacturer of three-wheeled auto-rickshaws. The operational impact on production lines remains unclear, as the company did not provide details on downtime or recovery timelines.

Notably, the disclosure comes amid a broader uptick in cyber incidents targeting Indian manufacturers. Earlier this week, Tata Electronics confirmed a separate cybersecurity incident after the extortion group World Leaks published what it claimed were stolen confidential documents. The Record reported that World Leaks has previously targeted organizations in manufacturing, healthcare, technology, and energy sectors across the US, Europe, Canada, and India. Bajaj Auto's filing did not indicate any connection to the Tata Electronics breach, and no shared threat actor infrastructure has been publicly identified.

Mitigations & Recommendations

Given the lack of technical details in Bajaj Auto's disclosure, defenders in the manufacturing sector should monitor for indicators of ransomware deployment common to recent campaigns targeting Indian industrial firms. Organizations should ensure that critical backups are stored offline or in immutable storage, segment operational technology (OT) networks from IT environments, and enforce multi-factor authentication on all remote access points. The absence of attribution means defenders cannot rely on known TTPs from a specific group; instead, general ransomware readiness practices—including regular tabletop exercises and endpoint detection and response (EDR) deployment—are warranted.