CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

CLOP ransomware operators have allegedly hacked IndiaBulls Group, an Indian conglomerate headquartered in Gurgaon, India.

CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group, its primary businesses are housing finance, consumer finance, and wealth management.

Indiabulls Group has around 19,000 employees, the company has been earning an average revenue of 25,000 crore Indian rupees. The company has three operating divisions: Indiabulls Housing Finance Ltd, Indiabulls Ventures Ltd, and Indiabulls Real Estate Ltd.

The CLOP ransomware operators leaked samples of the data stolen from the company and are threatening to release the overall dump within 24 hours if the victim will not pay the ransom.

“As per now, the leaked data seems to be a warning by the ransomware operators to Indiabulls group to accept their terms within 24 hours. Otherwise, CLOP operators tend to leak a large lot of the company’s confidential data.” reads a post published by threat intelligence firm Cyble.

“The current data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more.”

Researchers at Cyble Research Team have discovered the data leak while monitoring fraudulent activities in the deep and dark web.

Stolen data includes highly sensitive documents of the company, including banking account transaction details, vouchers, and letters sent to bank managers.

Below one of the snapshots leaked by the CLOP ransomware operators as proof of the hack.

According to Cyberintelligence firm Bad Packets, hackers allegedly exploited the CVE-2019-19781 vulnerability in the Citrix Netscaler ADC VPN gateway exposed by Indiabulls.

The CVE-2019-19781 vulnerability affects Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

The issue was discovered in December and could be exploited by attackers to access company networks. In January, Citrix announced then permanent fixes for the above remote code execution vulnerability.

Cyber researchers recommend people to:

Never share personal information, including financial information over the phone, email or SMSs
Use strong passwords and enforce multi-factor authentication where possible
Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile

People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Clop ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.