Thursday, 25 June 2020 08:19

Big Indian conglomerate Indiabulls hit by Windows CLOP ransomware

The Indian conglomerate Indiabulls, which is involved in financial services, real estate, pharmaceutical products, leasing of construction equipment, LED lights and facilities, has been hit by an attack of the CLOP ransomware that affects computers running Microsoft's Windows operating system.

According to Wikipedia, in 2019, the group earned revenue of 250 billion rupees (A$4.8 billion). Its headquarters is in Gurgaon, which is about 30km southwest of the Indian capital New Delhi, and it had 19,000 employees in 2019. Indiabulls has three operating divisions: Indiabulls Housing Finance, Indiabulls Ventures and Indiabulls Real Estate.

The attackers have released some financial data on the dark Web. iTWire has contacted Indiabulls for comment.

According to the US-based cyber threat intelligence firm Cyble, the data already released includes the following:

  • Aadhaar (Indian identity card) card, voter ID, PAN card (issued by Indian tax authorities), passports, driving licences of customers;
  • Customer loan details along with the property address against which a given loan has been taken, present address of customers along with their personal email IDs and mobile numbers;
  • Indiabulls employee data which includes employee name, employee user IDs, official e-mail IDs, operating branch, and mobile numbers;
  • Private keys and certificates for facilitating ENet services from bank(s); and
  • Letters sent to banks requesting to open new current accounts along with names of the Indiabulls account signatories.

Cyble has posted screenshots of a large number of documents that have been made public by the CLOP attackers.

The Indian financial news website livemint said Indiabulls had confirmed that it had suffered a "minor data breach" on 22 June involving non-sensitive information, adding that affected systems had been restored by 23 June.

livemint quoted a company spokesperson as saying: "Yesterday, our digital risk monitoring service provider, CloudSec, informed us that there has been an attempt to penetrate our peripheral systems.

"The information being leaked by these threat actors is not sensitive in nature. All data and information pertaining to our customers is safe and securely placed.

"We have successfully restored all the affected systems through our encrypted data back-up storage. Each and every system is functioning and operating normally."

Cyble claimed that the data was sensitive, saying in its blog post: "The current data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more. Below are few snapshots been leaked by the CLOP ransomware operators."

But the Indiabulls spokesperson denied this, telling livemint: "Presently, we are analysing the incident through cyber footprints to restrict future occurrences.

"We have already put in place stringent and rigid access management controls considering cyber security in the backdrop of the ongoing COVID-19 pandemic, and have implemented world class IT infrastructure tools and technologies to ensure cyber resilience and provide a robust business framework.

"We have been keeping our users updated through cyber security advisories at all levels at frequent intervals."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
