[BreachExchange] Hackers Leak Tons of Personal Data as IndiaBulls Fails to Meet the First Ransomware Deadline

Destry Winant destry at riskbasedsecurity.com
Tue Jun 30 10:09:33 EDT 2020


Hackers demanding a ransom released data after IndiaBulls failed to
meet the first ransom deadline. The release followed a 24-hour
ransomware warning; when the company did not pay within that window,
the hackers dumped the data. According to Cyble, a Singapore-based
cybersecurity agency, the hackers have threatened to dump more data
after the second deadline ends. The hackers are using ransomware,
which experts have identified as "CLOP."

The hackers stole the data from IndiaBulls and released around 5 Gb of
personal data containing confidential files and customer information,
banking details, and employee data. A private cybersecurity agency
says the release was intended as a warning, an attempt to pressure the
company into paying.

About the data leak:
The dumped data exposed confidential client KYC details such as
Aadhaar card, passport, PAN card, and voter ID details. The leak also
revealed personal employee information such as official IDs, contact
details, passwords, and codes that granted access to the company's
online banking service. The IndiaBulls spokesman said that the company
was informed about the compromise of its systems on Monday, but that
the leaked data is not sensitive. When asked about the data leak
incident that happened on Wednesday, he said that the company had
nothing to say.

The cybersecurity agency, however, tells a different story. It says
that the spokesperson's information is incorrect, as the attack did not
happen on Monday. It also notes that such an attack takes time to carry
out: there is a transition phase from the initial intrusion to the
extortion. The company may have been confused or misguided, say the
cybersecurity experts. In a ransomware attack, the hacker makes it
impossible for the user to access their files by encrypting them. Most
of the time, the motive behind a ransomware threat is money, in
contrast to state-sponsored hackers, whose aim is to disrupt the
systems. In the IndiaBulls incident, hackers encrypted the files using
CLOP ransomware. It is yet to be confirmed how the hackers pulled this
off, but according to Cyble, it was mainly due to vulnerabilities in
the company's VPN.
