The Indian conglomerate Indiabulls Group has been hit by a ransomware attack that exposed confidential data belonging to the financial services group of companies; the group behind the breach has vowed to leak more data.
It is worth noting that the Indian group has a net worth of over USD 355,277,980. The group was attacked by Clop ransomware operators, who operate in much the same manner as the REvil and Maze groups.
Their modus operandi follows a “steal, lock/encrypt and inform” cycle, in which they target a firm only after assessing the reputational risk a leak would pose to that victim.
Just like other ransomware groups, the Clop ransomware operators used emails to send ransom notes to Indiabulls, threatening to leak the stolen data on dark web hacking forums if their demands are not met.
The stolen data includes four spreadsheets related to the Indiabulls Housing Finance Limited and Indiabulls Pharmaceuticals subsidiaries, and the ransomware operators have so far posted six screenshots of the stolen data.
So far, the company has not clarified how the attackers gained access to Indiabulls’ network, what data was stolen, or how much ransom the attackers are demanding.
However, Cyble researchers claim that Indiabulls runs a Citrix NetScaler ADC VPN gateway that is vulnerable to CVE-2019-19781. If exploited, this vulnerability allows an attacker to remotely execute arbitrary code and gain unauthorized access.
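CVE-2019-19781 is a path-traversal flaw in Citrix ADC/Gateway: requests that start under the public `/vpn/` path and use `..` to reach the restricted `/vpns/` directory bypass the appliance's access control. The script below is an added example for defenders (it is not from the article, Cyble, or Citrix) that scans web access logs for that traversal pattern, including URL-encoded and double-encoded variants. The log lines are constructed for illustration and the Common Log Format layout is an assumption; real gateway logs vary.

```python
"""Flag CVE-2019-19781-style traversal requests in gateway access logs.

Added example for detection; not tooling from the article, Cyble, or Citrix.
The sample log lines are constructed, not taken from any real system.
"""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (assumed layout).
# Two clients browse normally; one probes the /vpn/../vpns/ traversal in
# plain, %2F-encoded, and %2e%2e-encoded forms.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2020:09:12:01 +0530] "GET /vpn/index.html HTTP/1.1" 200 1834
203.0.113.5 - - [10/Jun/2020:09:12:03 +0530] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 5120
198.51.100.23 - - [10/Jun/2020:09:14:17 +0530] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
198.51.100.23 - - [10/Jun/2020:09:14:19 +0530] "GET /vpn/..%2Fvpns/portal/scripts/ HTTP/1.1" 403 0
198.51.100.23 - - [10/Jun/2020:09:14:22 +0530] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 83
192.0.2.77 - - [10/Jun/2020:09:20:00 +0530] "GET /vpns/style.css HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def normalize_path(raw: str) -> str:
    """URL-decode twice (catches double encoding), drop the query string,
    and collapse '.' and '..' segments the way the server would."""
    decoded = unquote(unquote(raw))
    decoded = decoded.split("?", 1)[0]
    return posixpath.normpath(decoded)


def is_traversal_into_vpns(raw_path: str) -> bool:
    """True when the request uses '..' traversal and resolves under /vpns/.

    A direct /vpns/ request without traversal is just an ordinary hit that the
    appliance's own ACL denies, so it is not flagged here."""
    decoded = unquote(unquote(raw_path))
    if ".." not in decoded:
        return False
    return normalize_path(raw_path).startswith("/vpns/")


def scan_log(text: str) -> list[dict]:
    """Return one record per suspicious request found in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log layout
        if is_traversal_into_vpns(m["path"]):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "path": m["path"],
                "status": m["status"],
            })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} {h['status']} {h['path']}")
```

The check keys on the decoded request rather than the raw one, because the original bypass relied on the appliance matching its ACL against the un-normalized path; a 200 response on a flagged line is the strongest signal, since it means the restricted content was actually served. Patching the gateway and reviewing logs from before the patch date are the mitigation steps that follow from a hit.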
Moreover, Cyble claims that leaked data includes “snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more.”
The company, however, claims that the leaked data is not “sensitive in nature,” that personal customer data is safe, and that it has restored all of its affected systems from encrypted backup storage.
“Each and every system is functioning and operating normally,” an Indiabulls representative said.
India under cyber attacks:
This, however, is not the first time in recent months that an Indian firm has come under a ransomware attack. Just last month, Indian defense contractor Bharat Earth Movers Limited (BEML) suffered a data breach in which hackers leaked sensitive data on a dark web hacker forum.
Just a couple of weeks before the BEML breach, the popular Indian mobile payment app BHIM leaked the financial data of 7 million Indians. In total, the company exposed 409 GB of customer data publicly.