Finding the Report
The Indiabulls group, an Indian conglomerate headquartered in Gurugram, was hit by the CLOP ransomware earlier this month, according to the cybersecurity company Cyble. The threat actor behind the ransomware has threatened to publish the stolen data if the group refuses to pay the ransom within 24 hours.
To prove that the attack is real, the attackers uploaded six screenshots to the ‘CLOP_-LEAKS’ site. Experts who examined them say the exposed data is highly sensitive: bank documents, transaction details, vouchers, correspondence with various banking institutions and other finance-related records.
According to the report, the experts are still investigating the alleged attack, and it is not yet clear whether it actually took place. Bad Packets had earlier found the Indiabulls server technically vulnerable: the threat actor exploited the company's Citrix NetScaler ADC VPN gateway, which turned out to be vulnerable to CVE-2019-19781, the pre-authentication path traversal in Citrix ADC/Gateway, publicly disclosed in December 2019, that allows unauthenticated remote code execution.
Beyond the six files leaked on the Clop ransomware site, nothing else specific is known, except that the management of Indiabulls is expected to pay the ransom within 24 hours.
The attackers also promise to expose data relating to the group's pharmaceuticals business and to Indiabulls Housing Finance Limited.
Exposed to Leak Site
As you are probably aware, Maze pioneered the data-breach extortion model, and other ransomware families followed its example and launched similar sites, which are used mainly to blackmail victims into paying the ransom.
Sodinokibi/REvil, Nemty and DoppelPaymer were the first to follow; Nefilim, Sekhmet and Clop have since adopted the trend as well.
The new leak site has been filled with victims' data.
On March 13, the pharmaceutical company ExecuPharm was compromised and hit by the CLOP ransomware. The attackers locked the servers and took 163GB of data, which the threat actor ultimately exposed.
As proof of the attack, the criminals behind the CLOP hit exposed thousands of emails, accounting information, financial records, backups and other highly sensitive data.
In another case, Maastricht University had its data compromised and its files encrypted by the ransomware, and it paid the criminals 30 bitcoin in exchange for recovering the data.
The CLOP ransomware attack on the Indiabulls group discussed here has not yet been confirmed.
CLOP Ransomware
CLOP ransomware was first discovered in February 2019. It belongs to the well-known CryptoMix ransomware family, but its developers changed the behaviour significantly, making the ransomware considerably harder to predict.
CLOP stands out from the crowd of ransomware families because of the processes it kills before encrypting: Windows 10 applications, text editors and IDEs, programming-language runtimes, Microsoft Office applications, Microsoft Exchange, SQL Server, MySQL, Backup Exec and others.
Killing 663 Windows processes before running the file-encryption routine is not common behaviour. The usual purpose of such kills is to release file handles: a database or backup agent that holds a file open would otherwise prevent the encryptor from overwriting it. Even so, the list of processes CLOP terminates is extraordinary, and experts cannot work out why some of them are targeted at all.
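As an added example (not code from the article, from Cyble, Bad Packets or any CLOP analysis), the following Python script shows how such a kill loop appears in the logs and how a detection rule can catch it before encryption starts. It parses a constructed sample of Windows Security event 4689 (process terminated) records in a simplified one-line-per-event format and raises an alert when at least five watched database, backup, mail or Office processes are terminated on one host inside a 60-second window. The WATCHED set, the log-line format, the host names and the thresholds are all assumptions chosen for illustration, not CLOP's actual 663-entry kill list.

```python
"""Detection heuristic for the pre-encryption process-killing behaviour.

Added example, not code from the original article or from any vendor.
It scans Windows Security event 4689 (process termination) records in a
simplified one-line-per-event format -- the sample below is constructed --
and flags any host where many database, backup, mail or Office processes
are terminated within a short window, which is what a CLOP-style kill
loop looks like in the logs. WATCHED, the threshold and the window are
illustrative assumptions, not CLOP's actual kill list.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: processes whose bulk termination on a server is suspicious.
WATCHED = {
    "sqlservr.exe", "sqlwriter.exe", "mysqld.exe",      # databases
    "beremote.exe", "bengine.exe", "vssvc.exe",         # Backup Exec, VSS
    "msexchangeis.exe", "outlook.exe",                  # Exchange / mail
    "winword.exe", "excel.exe",                         # Office
}

# Constructed sample log: "<ISO timestamp> <host> <event id> <process name>".
SAMPLE_LOG = """\
2020-05-10T01:00:00 SRV02 4689 sqlservr.exe
2020-05-10T02:00:01 SRV01 4689 notepad.exe
2020-05-10T02:13:59 SRV01 4688 cmd.exe
2020-05-10T02:14:00 SRV01 4689 sqlservr.exe
2020-05-10T02:14:00 SRV01 4689 sqlwriter.exe
2020-05-10T02:14:01 SRV01 4689 mysqld.exe
2020-05-10T02:14:01 SRV01 4689 beremote.exe
2020-05-10T02:14:02 SRV01 4689 bengine.exe
2020-05-10T02:14:02 SRV01 4689 vssvc.exe
2020-05-10T02:14:03 SRV01 4689 outlook.exe
2020-05-10T03:00:00 SRV02 4689 mysqld.exe
"""


def parse_log(text):
    """Parse the simplified log; keep only 4689 (process terminated) events.

    Returns a list of (timestamp, host, process) with the process name
    lower-cased so that matching against WATCHED is case-insensitive.
    """
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "4689":
            continue
        ts, host, _, proc = fields
        events.append((datetime.fromisoformat(ts), host, proc.lower()))
    return events


def find_kill_bursts(events, window_seconds=60, threshold=5):
    """Return {host: burst} for hosts whose watched-process terminations
    reach `threshold` inside any `window_seconds` sliding window.

    burst = {"start": datetime, "end": datetime, "processes": [names]}
    holding the largest such window seen for that host.
    """
    window = timedelta(seconds=window_seconds)
    by_host = defaultdict(list)
    for ts, host, proc in events:
        if proc in WATCHED:
            by_host[host].append((ts, proc))

    alerts = {}
    for host, kills in by_host.items():
        kills.sort()
        best, start = [], 0
        for end, (ts, _) in enumerate(kills):
            # Slide the window start forward until it fits in window_seconds.
            while ts - kills[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = kills[start:end + 1]
        if len(best) >= threshold:
            alerts[host] = {
                "start": best[0][0],
                "end": best[-1][0],
                "processes": [proc for _, proc in best],
            }
    return alerts


if __name__ == "__main__":
    for host, burst in find_kill_bursts(parse_log(SAMPLE_LOG)).items():
        span = (burst["end"] - burst["start"]).total_seconds()
        print(f"ALERT {host}: {len(burst['processes'])} watched processes "
              f"terminated in {span:.0f}s: {', '.join(burst['processes'])}")
```

On the sample, SRV01 triggers (seven watched processes terminated within three seconds) while SRV02, whose two terminations are hours apart, does not. In production the watched set should be built from the actual kill list observed in samples and tuned against normal maintenance windows, and the alert should feed an automated host-isolation action: the kill burst runs immediately before encryption, so the response window is seconds to minutes, not hours.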
Found this article informative? Follow Vednam on Facebook, Twitter, Mix, Tumblr and LinkedIn for more of the exclusive content we post.