NEW DELHI: A day after a cyberattack on Indiabulls Group, miscreants behind the Clop ransomware have released 4.75GB of data from the breach on the Dark Web and have threatened to release more over the next 24 hours.
Researchers at Cyble Inc, the cyber intelligence firm that reported the breach, have analysed the data and found scans of KYC documents, including Aadhaar cards, voter cards, PAN cards, passports and driving licenses of customers. They also found customer loan details, the addresses of properties against which loans were sanctioned, and customers' current addresses, along with their personal email IDs and mobile numbers.
The data also includes names of Indiabulls’ employees, their user IDs, official e-mail IDs, operating branch names and mobile numbers along with private keys and certificates for facilitating ENet services from banks.
Indiabulls Group had confirmed the cyberattacks but maintained that only peripheral systems were targeted, and the information leaked by attackers was not sensitive in nature. It claimed that all data and information pertaining to customers were safe and securely placed.
The company refused to add anything further when asked about the sensitive nature of the data released by the attackers on the Dark Web.
Indiabulls Group is a financial services company with operations in housing and consumer finance.
Researchers at Cyble claim that the operators behind Clop ransomware have the same modus operandi as those behind Maze and REvil. They first steal a company's data, then encrypt its systems, and then threaten to release the data on the Dark Web, which can damage the company's reputation or cost it intellectual property.
First spotted in February 2019, the Clop ransomware group is believed to have links to the TA505 / SectorJ04 / Evil Corp group, a well-known threat actor that has targeted the financial sector since 2014.
Some of the recent attacks involving Clop ransomware were on EV Cargo Logistics, a UK-based logistics company, and ExecuPharm, a US-based pharmaceutical company. Both were targeted in March.