Housing nondepository financial institution Indiabulls was hit by CLOP ransomware and screenshots of the stolen data were posted online.
The Indiabulls Group is India’s second-largest housing nondepository financial institution, a mortgage lender headquartered in New Delhi, India, with $3.5 billion in revenue (2019) and over 19,000 employees.
The Cyble research team discovered the data leak while monitoring fraudulent activity on the deep and dark web. The leak contains snapshots of sensitive bank-related documents such as transaction details, vouchers, letters sent to bank managers and much more.
The bad actors leaked the data as a warning to the Indiabulls Group to accept their terms within 24 hours; otherwise, the operators intend to leak a large amount of the company’s confidential data. It is unclear how much ransom the CLOP operators are demanding or when the attack occurred.
The cyber intelligence firm said that an Indiabulls gateway had a technical vulnerability, but it could not verify whether the breach of the Indiabulls system had taken place because of the same vulnerability. “According to Cyber Intelligence firm Bad Packets, hackers allegedly exploited the CVE-2019-19781 vulnerability within the Citrix Netscaler ADC VPN Gateway exposed by Indiabulls,” stated Security Affairs.
The CVE-2019-19781 vulnerability affects Citrix Application Delivery Controller (ADC), Citrix Gateway and Citrix SD-WAN WANOP appliances.

CLOP Threat Actors

CLOP threat actors are known to steal unencrypted files before deploying the ransomware, and the stolen files are then posted on their ‘CLoP^_- LEAKS’ data leak site. They then threaten the victim that more data will be leaked if the ransom demand isn’t paid.
The CLOP ransomware operators conducted an attack in March against U.S. drug company ExecuPharm, in which they stole 163 GB of encrypted files and later leaked them all on their data leak site after not being paid.