Hackers demanding a ransom released data after IndiaBulls failed to meet the first ransom deadline. The hackers had issued a 24-hour ransomware warning, and when the company did not meet it, they dumped the data. According to Cyble, a Singapore-based cybersecurity agency, the hackers have threatened to dump more data after the second deadline ends. The hackers are using ransomware that the experts have identified as “CLOP.”
The hackers stole the data from IndiaBulls and released around 5 Gb of personal data containing confidential files, customer information, banking details, and employee data. The release was meant as a warning from the hackers, an attempt to threaten the other party, says a private cybersecurity agency.
About the data leak
The dumped data exposed confidential client KYC details such as Aadhaar card, passport, PAN card, and voting card details. The leak also revealed personal employee information such as official IDs, contact details, passwords, and codes that granted access permission to the company’s online banking service.
The IndiaBulls spokesman said that the company was informed about the compromise of its systems on Monday; however, the leaked data is not sensitive. When asked about the data leak incident that happened on Wednesday, he said that the company had nothing to say.
The cybersecurity agency, however, tells a different story. It says that the spokesperson’s information is incorrect, as the attack did not happen on Monday. It also says that such an attack takes some time to carry out, namely the transition phase from initial attack to extortion. The company may have been confused or misguided, say the cybersecurity experts.
In a ransomware attack, the hacker makes it impossible for the user to access the files by encrypting them. Most of the time, the motive behind a ransomware threat is money, unlike state-sponsored hackers, whose aim is to affect the systems. In the IndiaBulls incident, hackers encrypted the files using CLOP ransomware. It is yet to be confirmed how the hackers pulled this off, but according to Cyble, it was mainly due to vulnerabilities in the company’s VPN.