Hindustan Times (Jalandhar)

IndiaBulls hit with ransomware attack

- Binayak Dasgupta binayak.dasgupta@htlive.com

THE LEAK INCLUDED SCANS OF CUSTOMERS’ KYC DOCUMENTS, EMPLOYEES’ OFFICIAL ID DETAILS AND NUMBERS, AND KEYS THAT CAN ENABLE ACCESS TO DIGITAL SERVICES

NEW DELHI: Ransom-seeking cyber criminals dumped a trove of sensitive data stolen from IndiaBulls Group, releasing close to 5 gigabytes (GB) of files containing customer identity documents, financial transaction statements and employee details in an ostensible attempt to make the company pay up, a private cybersecurity agency tracking the development said on Wednesday.

The data dump came at the end of a 24-hour deadline and was followed by a threat to leak another tranche of sensitive information, Singapore-based Cyble said, identifying the alleged hackers as a group deploying what is known as the CL0P ransomware.

The leak included scans of customers’ documents such as Aadhaar cards, voter ID, PAN cards and passports, employees’ official ID details and phone numbers, and private keys and certificates that can enable access to the IndiaBulls Group banks’ digital services, a Cyble representative told HT over email.

An IndiaBulls representative acknowledged a breach on Tuesday, saying the group was informed of an attack on its “peripheral” systems on Monday and that the information being leaked was not sensitive. On Wednesday, when asked about the trove released by hackers, the person said the company did not have anything more to add for now.

“Their statement is inaccurate as the breach occurred several weeks ago, not on Monday. As you would imagine, it takes time from the initial breach to data exfiltration and extortion. It appears that the management underestimated, or was misguided about the impact and responded inaccurately,” the Cyble spokesperson said.

A ransomware attack – which involves making a target’s files inaccessible by encrypting them – is almost always carried out by cyber criminals with a money motive, as compared to nation-state hackers who often target privileged access or disruption of an adversary’s systems.

In this instance, the hackers encrypted the files using the CL0P ransomware. “CL0P ransomware demands generally range from $50,000 to over $1 million – it depends on the target and negotiations,” said the Cyble spokesperson, adding that the agency was not aware of the exact ransom amount in this case.
