Indiabulls, a diversified financial services group with more than Rs. 28,580 crore (as on March 31, 2019) in net worth, has been reportedly breached by CLOP Ransomware operators. These operators, as per the report, claim to have stolen data that includes four spreadsheets related to the Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries, among other files. Till now, CLOP Ransomware operators have uploaded six screenshots of stolen files and asked Indiabulls to contact them in 24 hours.
According to a report by Bleeping Computer, the cyberattack on Indiabulls has come from CLOP Ransomware operators that steal unencrypted files and post some of them on their leaks website, demanding a ransom to stop them from posting all the stolen files. The report states that the group posted six screenshots of stolen files including a letter, a voucher, and four spreadsheets that are said to be related to Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries.
As of now, it is unclear how the CLOP Ransomware operators were able to access the data, what all data has been leaked, or how much ransom has been demanded. The report states that Indiabulls has an exposed Citrix Netscaler ADC VPN gateway that is vulnerable to CVE-2019-19781 vulnerability. This vulnerability, if exploited, can allow an attacker to perform arbitrary code execution remotely for unauthenticated access, as per the information on Citrix support page.
Additionally, according to a report by threat intel firm Bad Packets, over 25,000 Citrix (Netscaler) endpoints were found to be vulnerable to CVE-2019-19781 back in January.
In March, US pharmaceutical company ExecuPharm was also reportedly attacked by CLOP Ransomware operators. They had stolen 163GB of unencrypted files, all of which has been leaked on their data leak website.
Gadgets 360 has reached out to Indiabulls for comment and will update the space as and when we get a response.