Unfortunately, Indiabulls Group has been breached by the operators of CLOP Ransomware.
Indiabulls Group is an Indian financial group with a revenue of around $3.5 billion (as of March 31, 2019). The company has about 20,000 employees and subsidiaries that focus on personal finance and lending, pharmaceuticals, infrastructure, and housing.
According to the report, the operators said they have stolen data, including 4 spreadsheets related to the Indiabulls Housing Finance Limited and Indiabulls Pharmaceuticals subsidiaries.
As of now, the operators of CLOP Ransomware have uploaded 6 screenshots of the said files and told Indiabulls to reach out to them within 24 hours.
The report on Bleeping Computer claims that the operators of CLOP Ransomware were responsible for the cyberattack. They steal unencrypted files and post a number of them on their leak site, demanding payment in exchange for not uploading the files they took.
As said earlier, the 6 screenshots posted by CLOP Ransomware include a letter, a voucher, and 4 spreadsheets.
So far, we do not know how the operators of CLOP Ransomware gained access to the data, what is in the leaked data, or how much ransom they requested.
According to the reports, Indiabulls has a leaked Citrix Netscaler ADC VPN gateway that is vulnerable to CVE-2019-19781. If exploited, the vulnerability can allow an unauthenticated attacker to perform arbitrary code execution remotely, according to the Citrix support page.
In addition, a report by threat intel firm Bad Packets claimed that in January, more than 25,000 Citrix (Netscaler) endpoints were discovered to be vulnerable to CVE-2019-19781.
In March 2020, it was reported that the operators of CLOP Ransomware also attacked a US pharmaceutical company, ExecuPharm. They stole an unencrypted file of 163GB, and this data has all been leaked on their website.