Sign in

Hackers dump trove of IndiaBulls data as first ransom deadline ends

The data dump came at the end of a 24-hour deadline and was followed by a threat to leak another tranche of sensitive information, Singapore-based Cyble said, identifying the alleged hackers as a group deploying what is known as the CL0P ransomware.

Updated on: Jun 25, 2020, 03:50:23 IST
Hindustan Times, New Delhi | By
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

Ransom-seeking cyber criminals dumped a trove of sensitive data stolen from IndiaBulls Group, releasing close to 5 gigabytes (GB) of files containing customer identity documents, financial transaction statements and employee details in an ostensible attempt to make the company pay up, a private cybersecurity agency tracking the development said on Wednesday.

The leak included scans of customers’ KYC (know your customer) documents such Aadhaar cards, voter ID, PAN cards and passports, employees’ official ID details and phone numbers. (Bloomberg file photo)
The leak included scans of customers’ KYC (know your customer) documents such Aadhaar cards, voter ID, PAN cards and passports, employees’ official ID details and phone numbers. (Bloomberg file photo)

The data dump came at the end of a 24-hour deadline and was followed by a threat to leak another tranche of sensitive information, Singapore-based Cyble said, identifying the alleged hackers as a group deploying what is known as the CL0P ransomware.

The leak included scans of customers’ KYC (know your customer) documents such Aadhaar cards, voter ID, PAN cards and passports, employees’ official ID details and phone numbers, and private keys and certificates that can enable access to the IndiaBulls Group banks’ digital services, a Cyble representative told HT over email.

An IndiaBull representative acknowledged a breach on Tuesday, saying the group was informed of an attack on its “peripheral” systems on Monday and that information being leaked was not sensitive. On Wednesday, when asked about the trove released by hackers, the person said the company did not have anything more to add for now.

“Their statement is inaccurate as the breach occurred several weeks ago, not on Monday. As you would imagine, it takes time from the initial breach to data exfiltration and extortion. It appears that the management underestimated, or was misguided about the impact and responded inaccurately,” the Cyble spokesperson said.

A ransomware attack – which involves making a target’s files inaccessible by encrypting them -- is carried out almost always by cyber criminals with a money motive as compared to nation-state hackers who often target privileged access or disruption of an adversary’s systems.

In this instance, the hackers encrypted the files using the CL0P ransomware.

“CL0P ransomware demands generally range from $50,000 to over $1 million – it depends on the target and negotiations,” said the Cyble spokesperson, adding that the agency was not aware of the exact ransom amount in this case.

Gurugram-headquartered IndiaBulls Group has several subsidiaries that offer financial services, including housing finance and consumer loans. On its website, the group says it “has a net worth of more than 28,580 Cr. (as on 31st March, 2019)”.

It was not immediately clear how the company’s systems were breached, but Cyble, in its initial report on Tuesday, noted that the company was found to have vulnerabilities in its virtual private network (VPN) system. The exact method of the hack which would have allowed the ransomware to be installed was yet to be determined.

(With inputs from Rajeev Jayaswal)

  • Binayak Dasgupta
    ABOUT THE AUTHOR
    Binayak Dasgupta

    Binayak reports on information security, privacy and scientific research in health and environment with explanatory pieces. He also edits the news sections of the newspaper.

Check India news real-time updates, latest news on Hindustan Times and more across India.