Indiabulls Housing Finance Conglomerate hit with CLOP Ransomware, cybercriminals demand ransom within 24 hours and threaten to leak confidential information on their dark web website
The diversified ransomware group CLOPs has infected one of India’s largest housing finance conglomerates, Indiabulls, with its ransomware. The CLOP Ransomware group is very vocal and runs its own website, called ‘CL0P^_- LEAKS’, on the dark web. Once a victim is infected, the ransomware makers demand ransom in Bitcoins or threaten to leak the data they stole on their website.
According to a post made by CLOPs on their dark web website, CL0P^_- LEAKS, they have infected Indiabulls with CLOPs ransomware and have encrypted the files on the website. They have demanded that the Indiabulls officials contact them within 24 hours or all the details will be made public on their website. As proof of having access to the Indiabulls data, the CLOPs team published screenshots of six stolen files with the message of “Contact us in 24H.”
The screenshot posted by the CLOPs team seems to be from a voucher from the Indiabulls database. Cyberintelligence firm Bad Packets told BleepingComputer that the Indiabulls webserver may have been infected through a zero-day in a Citrix Netscaler ADC VPN gateway. The Citrix Netscaler ADC VPN gateway has a known flaw with the CVE-2019-19781 identifier. Bad Packets said that it is not certain this flaw was exploited by the CLOP Ransomware makers.
Indiabulls is one of the top housing finance conglomerates, with nearly $3.5 billion in revenue and over 19,000 employees. It operates in housing finance, personal loans, infrastructure, and pharmaceuticals. Last year it was hit by a Public Interest Litigation which caused its stock price to tank from a high of $9.85 to a multi-year low of $1.07. As of today, the stock is trading at $3.18, and the CLOP Ransomware could shake it a little tomorrow.