The Hyderabad-based Biological E, which received a grant of US$4 million (A$5.49 million) from the Gates Foundation to develop a vaccine, was hit by Ragnar Locker, while Dr Reddy's Laboratories, which has its headquarters in Bangalore and is conducting clinical trials on the Russian-developer Sputnik V vaccine, was hit by the Egregor ransomware.
Both Ragnar Locker and Egregor run only on Microsoft's Windows operating system.
The attackers have released five files from Biological E containing data that was pilfered from the company during the incident, ranging in size from 9.84GB to 29.1GB.
A screenshot from the Gates Foundation website showing details of grant to Biological E.
The criminals said the attack took place on 28 October and that there had been visits to their website by Biological E a number of times, but no negotiations had been initiated.
In the case of the other attack, Reuters reported that the company said on 22 October that it isolated all data centre services as a preventive act.
It said an Indian TV channel, ET Now, had been the first to report the incident.
Dr Reddy's is the second biggest drugmaker in India by market value. It has plants in the US, UK, Brazil, Russia and India and all were affected by the ransomware attack.
Dr Reddy's is conducting the clinical trial along with the Russian Direct Investment Fund, Moscow's sovereign wealth fund.
The project began in September and, as part of the deal, RDIF will provide 100 million doses of the vaccine to Dr Reddy's once it has been approved for use in India.
iTWire has contacted both Biological E and Dr Reddy's for comment.
Asked for his take on the incidents, ransomware researcher Brett Callow, who works for the New Zealand-headquartered security firm Emsisoft, said: "Egregor's rate of 'customer acquisition' is quite unprecedented." He was referring to the number of new victims that the ransomware outfit has added to its site on the dark web in recent days.
Callow added: "It seems likely that Maze and/or their affiliates have switched to Egregor and are now encrypting previously compromised networks." The operators Maze, a prolific ransomware setup, announced earlier this month that it would be shutting down its operations.