Ransomware infects Indiabulls; company blackmailed with threat to leak customer data

According to a recently published report, Indiabulls, a conglomerate of Indian companies, has reportedly suffered a severe CLOP ransomware attack. The attack operators also leaked some screenshots of the compromised data as evidence of the attack.

Indiabulls is a consortium that generates revenues of more than $3.5 billion annually and employs more than 19,000 people in fields such as real estate, financial services, infrastructure and pharmaceutical research.

Shortly after reports of the ransomware attack emerged, CLOP operators began leaking some of the screenshots mentioned above. This hacking group is known for stealing data from affected companies and posting it on hacking forums as a way to force victims to pay the ransom.

These stolen files can also be published on a site called ‘CL0P__- LEAKS’, operated by the same group responsible for the attack. The cybercriminals have published at least six screenshots, adding the message “Contact us in 24 hours”. The information presented appears to include proof of payment, a letter and four spreadsheets relating to some Indiabulls subsidiary companies (Indiabulls Pharmaceuticals and Housing Finance Limited).

The company has refused to disclose the ransom amount demanded by the hackers, as well as other details such as the method used to compromise its security. However, a report from cybersecurity firm Bad Packets revealed that threat actors could have exploited a Citrix Netscaler ADC VPN gateway vulnerable to the flaw tracked as CVE-2019-19781.

Bad Packets researchers say that over the past year hundreds of technology companies were found running critical servers without updates, which has made things easier for threat actors.

Last March, the operators of this dangerous ransomware variant deployed an ambitious attack on ExecuPharm, a major pharmaceutical company based in the United States. Before completely infecting the company’s systems, the hackers stole more than 163 GB of unencrypted files; this information now circulates through multiple hacking forums, as the company refused to pay the ransom. Ransomware remains one of the main computer threats, so companies should consider all forms of protection against such attacks before it’s too late. Raising awareness among users with less knowledge of cybersecurity is an ideal starting point, they consider cybersecurity