Indiabulls Group, a leading Indian conglomerate, was targeted by a cyberattack on June 22, leading to a minor data breach involving non sensitive information. Affected systems have been successfully restored as of today, the company confirmed in an official statement.
“Yesterday, our digital risk monitoring service provider, CloudSec, informed us that there has been an attempt to penetrate our peripheral systems. The information being leaked by these threat actors is not sensitive in nature. All data and information pertaining to our customers is safe and securely placed. We have successfully restored all the affected systems through our encrypted data back-up storage. Each and every system is functioning and operating normally," an Indiabulls spokesperson said.
Researchers at Cyble Inc, a cyber threat intelligence firm, believes Indiabulls Group was hit by the Clop ransomware and the data leak is a warning by the ransomware operators to concede to their demands within 24 hours of the first attack.
Cyble claims that the current data leak includes highly sensitive bank-related documents including account transaction details, letters sent to bank managers and vouchers.
As mentioned earlier, Indiabulls has refuted the allegation and called the leaked data as non sensitive.
"Presently, we are analysing the incident through cyber footprints to restrict future occurrences. We have already put in place stringent and rigid access management controls considering cyber security in the backdrop of the ongoing covid-19 pandemic, and have implemented world class IT infrastructure tools and technologies to ensure cyber resilience and provide a robust business framework. We have been keeping our users updated through cyber security advisories at all levels at frequent intervals," the company spokesperson further added.
According to Cyble, Clop ransomware is similar to Maze and Revil and steals data before encrypting the company systems, so even if the company refuses to pay the ransom the operators behind them can still make some profit by selling the stolen data on Dark Web markets.
Malware attacks have increased over the last few months as hackers are trying to take maximum advantage of the fact that many companies are operating remotely due to lockdown and employees working from home are easier targets as compared to when they are working from a secure office network.
Successful cyberattacks not only disrupts operations but also leads to financial losses for the companies involved.
A case in point is the Maze ransomware on Cognizant in April, which is expected to cost them $ 50 to 70 million in Q2 2020. According to news reports, the data leaked by the ransomware attack included corporate credit card details of Cognizant's employees.