Indiabulls Group, a well-established financial services company in India has allegedly been hit with a cyberattack by CLOP ransomware group who are threatening to sell the stolen confidential data of the company on a hacking forum/s.

Yesterday, researchers at the data breach monitoring firm Cyble said “the data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more”.

Read Also: BHIM app data breach exposes personal details of 7 million+ Indians

CLOP ransomware group is similar to the other ransomware operators such as of Maze and Revil, threat actors known to steal unencrypted files before deploying the ransomware.

Some public reports state that the CLOP operators are associated with the Evil Corp / TA505 which is a well-known threat actor for targeting the financial sector since 2014.

Read Also: Pakistani APT targeted Indian Railways with Spear-Phishing Campaigns

The CLOP threat actors have uploaded screenshots of the stolen documents on their data leak site “CL0P^_- LEAKS” with a threat that more data will be leaked if their ransom demand of an unknown amount is not met.

“Yesterday, our digital risk monitoring service provider, CloudSec, informed us that there has been an attempt to penetrate our peripheral systems. The information being leaked by these threat actors is not sensitive in nature. All data and information pertaining to our customers is safe and securely placed. We have successfully restored all the affected systems through our encrypted data back-up storage. Each and every system is functioning and operating normally,” an Indiabulls spokesperson said.

“Presently, we are analyzing the incident through cyber footprints to restrict future occurrences. We have already put in place stringent and rigid access management controls considering cybersecurity in the backdrop of the ongoing COVID-19 pandemic, and have implemented world class IT infrastructure tools and technologies to ensure cyber resilience and provide a robust business framework. We have been keeping our users updated through cyber security advisories at all levels at frequent intervals,” the company spokesperson further added.

Read Also: Pakistani APT targeted Indian Railways with Spear-Phishing Campaigns

The cyberattack is believed to be performed by the CLOP operators by exploiting an unpatched vulnerability (CVE-2019-19781) present in the company’s Citrix Netscaler ADC VPN gateway.

Though, there is no confirmation if this is how CLOP operators breached the Indiabulls’ network and obtained their data.

Back in March 2020, the CLOP ransomware group have breached the UK-based logistics company named EV Cargo Logistics and a pharmaceutical company ExecuPharm where they stole 163GB of unencrypted data.

Kanishk Tagade

Founder and Editor at QuickCyber. Kanishk is a cybersecurity enthusiast, security researcher, and an enterprise growth marketer. He's also a community member of the Nasscom community and corporate contributor at many technology magazines and security awareness platforms. He is also a social micro-influencer for cybersecurity, Infosecurity, digital transformation, and artificial intelligence technologies.

Share with your friends:


Leave a Reply

Your email address will not be published. Required fields are marked *