CLOP Ransomware hackers leak tons of confidential data after Indian financial conglomerate Indiabulls fails to contact the ransomware operators
We had reported how CLOP Ransomware operators had claimed to have infected the Indian financial conglomerate Indiabulls with their ransomware. As proof of infection and of access to the Indiabulls data, the CLOP Ransomware operators had released screenshots of Indiabulls office communication and vouchers on their dark web website, CL0P^_- LEAKS.
The CLOP ransomware operators had made a post on their dark web website stating that they had infected the Indiabulls group web servers with their ransomware. They had asked the Indiabulls officials to contact them within 24 hours or they would start leaking the database that they had stolen from the Indiabulls servers.
Now, the cybersecurity and database tracker firm Cyble says that CLOP ransomware operators have dumped a 2GB Indiabulls database after Indiabulls failed to contact them. Cyble says that the dump was leaked after the 24-hour ransomware warning had passed.
The CLOP ransomware operators dumped a 5GB database that contains confidential Indiabulls client details such as Aadhaar card, passport, PAN card, and voting card details. The leak also contains personal employee information such as official IDs, contact details, passwords, and codes that granted access permission to the company’s online banking service.
The Indiabulls group spokesman said that the company was informed about the compromise of its systems on Monday; however, he said the leaked data is not sensitive. When asked about the data leak incident that happened on Wednesday, he said that the company had nothing to say.
The CLOP ransomware operators have claimed to have encrypted all files of the Indiabulls group, so we could have another round of data leaks from them soon. Cyble researchers say that the Indiabulls servers were infected with CLOP ransomware using a zero-day in a Citrix Netscaler ADC VPN gateway. The Citrix Netscaler ADC VPN gateway has a known flaw with the CVE-2019-19781 identifier.