India’s two-wheeler giant Bajaj Auto disclosed on June 23, 2026 that it had fallen victim to a ransomware attack, with malicious actors compromising systems at both the parent company and its wholly owned technology subsidiary, Bajaj Auto Technology Ltd (BATL). The incident was detected at approximately 8:00 AM IST and triggered an immediate response from the company’s internal cybersecurity teams alongside external experts.
What Happened
Bajaj Auto filed a regulatory disclosure confirming that ransomware had infiltrated its IT infrastructure. The attack targeted systems shared between Bajaj Auto and BATL simultaneously, suggesting a coordinated intrusion rather than an opportunistic hit. As of the disclosure, the company had not attributed the attack to any specific ransomware group or threat actor.
The incident is the latest in a growing wave of ransomware campaigns targeting the Indian manufacturing and automotive sector, which has emerged as a high-value target for cybercriminals seeking large payouts from well-capitalized industrial firms.
Immediate Response
Upon detecting the breach, Bajaj Auto’s technical team — working alongside external cybersecurity experts and senior management — initiated containment protocols designed to halt the spread of the ransomware and mitigate its operational impact. The company stated in its regulatory filing:
“Immediately upon becoming aware of the incident, the technical team of the Company, along with cyber security experts and the management responded promptly and initiated necessary precautionary actions and protocols to mitigate the impact of this incident.”
Containment efforts have reportedly been successful in limiting the spread, but the full extent of disruption — including whether manufacturing operations, supply chains, or data stores were materially impacted — has not yet been disclosed.
Regulatory Notifications
In line with Indian cybersecurity law, Bajaj Auto formally notified the Indian Computer Emergency Response Team (CERT-In) under the provisions of the Information Technology Act, 2000. The company also made a disclosure under Regulation 30 of SEBI’s Listing Obligations and Disclosure Requirements Regulations, 2015, citing corporate governance obligations. This dual reporting reflects the gravity of the incident and sets a transparency standard that other Indian manufacturers may be expected to follow.
Why This Matters
As one of India’s largest producers of motorcycles and three-wheeled commercial vehicles, Bajaj Auto’s operational footprint is extensive. Any prolonged disruption to its IT infrastructure could cascade across its supply chain, affecting component suppliers, dealerships, and logistics partners. The automotive sector’s heavy reliance on integrated ERP, manufacturing execution systems (MES), and connected production lines makes it particularly vulnerable to ransomware with network-spreading capabilities.
The attack also highlights a recurring pattern: ransomware groups are increasingly targeting regulated industries where disclosure requirements create negotiation pressure — the threat of public exposure often accelerates victim payments.
What Is Still Unknown
- Whether any data was exfiltrated prior to encryption (double extortion scenario)
- The specific ransomware variant or threat actor responsible
- The full scope of affected systems and business continuity impact
- Whether a ransom demand has been made or paid
Recommended Actions for Similar Organizations
Industrial and automotive companies operating in India and globally should treat this disclosure as a call to action:
- Segment your OT/IT networks — ransomware spreading from enterprise IT to operational technology systems can halt production lines entirely.
- Test your incident response plan — tabletop exercises specific to ransomware scenarios reduce response time when a real attack occurs.
- Harden remote access — VPN endpoints and RDP remain the most common initial access vectors for ransomware groups.
- Validate backups — offline, tested backups are the most effective recovery mechanism and reduce negotiating pressure when ransomware strikes.
- Know your disclosure obligations — CERT-In mandates reporting of cyber incidents within six hours of detection; failure to comply carries regulatory risk.
Bajaj Auto is expected to provide further updates as its investigation progresses. Organizations across the Indian manufacturing sector should monitor this situation closely and review their own ransomware readiness posture in light of this latest high-profile incident.