Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline


Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.

The Indiabulls Group is an Indian conglomerate with $3.5 billion in revenue (2019), over 19,000 employees, and subsidiaries focusing on housing, personal finance and lending, infrastructure, and pharmaceuticals.

“The Indiabulls Group is a diversified financial services group with interests in housing finance, consumer finance and personal wealth. The Group also has a presence in Real Estate, Pharmaceuticals, Lighting and Infrastructure & Construction Equipment Leasing. The group has a net worth of more than ₹ 28,580 Cr. (as on 31st March, 2019),” states their about page.

CLOP Ransomware claims to have breached Indiabulls

The CLOP Ransomware operators claimed to have breached Indiabulls and have posted screenshots of files that they have allegedly stolen during the attack.

When performing a ransomware attack, the CLOP threat actors are known to steal unencrypted files before deploying the ransomware.

These files are then posted on their ‘CL0P^_- LEAKS’ data leak site with a threat that more data will be leaked if the ransom demand is not paid.

Today, the CLOP threat actors have uploaded screenshots of six stolen files with the message of “Contact us in 24H.”

The leaked documents include a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries.

Indiabulls leak on CLOP data leak site


It is not known how much CLOP is demanding for a ransom or when the attack occurred.

Cyberintelligence firm Bad Packets told BleepingComputer, though, that Indiabulls has an exposed Citrix Netscaler ADC VPN gateway that is vulnerable to CVE-2019-19781.

It is not known if this is how they were potentially breached.

Threat intel firm Bad Packets said that its internet-wide scans had discovered last year that the fintech company had run unpatched servers for a long time, leaving its systems exposed to attacks.

In March, the CLOP Ransomware operators also attacked U.S. pharmaceutical company ExecuPharm, stealing 163GB of unencrypted files. After not being paid, the ransomware actors leaked all of it on their data leak site.

BleepingComputer has contacted both CLOP and Indiabulls but has not received a response as of yet.

H/T Cyble

Update 6/22/20: Added information about vulnerable Netscaler device.
