Clop ransomware operators, who are known for stealing files before encrypting them, are active again. This time they have attacked the Indian conglomerate giant Indiabulls.

Clop targets Indiabulls

The Indian conglomerate, which has subsidiaries in the housing, personal finance and lending, infrastructure, and pharmaceuticals domains, was hit with a cyberattack by Clop ransomware.
  • Earlier this month, the Indian conglomerate Indiabulls Group was targeted with a cyberattack from the CLOP Ransomware operators. 
  • After the attack, the CLOP threat actors uploaded screenshots of six stolen files to their 'CL0P^_- LEAKS' data leak site, with the message "Contact us in 24H." The documents included vouchers, letters, and some spreadsheets related to the subsidiary companies Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited.
  • It is suspected (but not confirmed) that the hackers used a bug (CVE-2019-19781) in the Citrix Netscaler ADC VPN gateway to carry out the attack.

Recent attacks by Clop ransomware

Clop ransomware operators have been targeting various organizations at a steady pace since mid-2019, mostly using social engineering and malicious spam emails as attack vectors.
  • In April 2020, Clop ransomware operators leaked the files stolen from ExecuPharm, the US-based pharmaceutical company, after ransom negotiations allegedly failed. The attackers had stolen 163 GB worth of financial, accounting, and employee documents, as well as SQL backups.
  • In March 2020, the Clop ransomware operators targeted UK-based EV Cargo Logistics and leaked the data after the ransom demand was not fulfilled. The leaked data contained sensitive files, including network drive passwords, client information, financial summary, etc.

Clop ransomware creates its data leak website

In March 2020, the Clop ransomware operators launched their own leak site, called "CL0P^_- LEAKS", to publish data stolen from non-paying victims. At that time, it was showing data associated with four different companies.

Cyware Publisher