Cyber Incident Victim: Bailly Creat
Date: Nov 2020
Location: France
Summary
A French pharmaceutical laboratory was compromised by the Doppel ransomware group, which infiltrated its systems and exfiltrated hundreds of internal documents. Unlike typical ransomware operations, no ransom demand or deadline was issued; instead, the attackers publicly released a portion of the stolen data months after the initial breach, likely after determining payment would not occur. The remaining data may have been sold to other threat actors, exacerbating potential impacts from the unauthorized disclosure of sensitive corporate information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Bailly Creat incident involved a cyberattack by the Doppel ransomware group against the French pharmaceutical laboratory, with initial infiltration occurring around November 2020. The attackers compromised at least one company computer system and exfiltrated sensitive documents during their unauthorized access. The intrusion remained undetected for approximately four months until February 2021, when Doppel operatives unexpectedly published several hundred stolen files on their leak platform without any prior ransom demand or countdown timer. This publication represented the final phase of the operation against the organization, the attackers having concluded that payment would not be forthcoming from the victim. The data dump contained corporate documents that appeared to originate from the November breach, though the full scope of compromised systems remained unclear from the available evidence.

The unauthorized disclosure exposed sensitive company information through the attackers' distribution channels, with strong indications that the unreleased data may have been sold to other criminal entities. No financial demand accompanied the leak, distinguishing this incident from typical ransomware operations in which payment is extorted in exchange for decryption keys. The four-month gap between initial compromise and data publication suggested prolonged attacker access to Bailly Creat's environment. While the exact nature of the exposed documents was not specified, their volume and corporate origin indicated potential operational, intellectual property, or confidential business impacts. The laboratory faced reputational and operational consequences from having internal materials circulating in criminal ecosystems with no means of recall or containment.
