{
	"id": "661c5993-eb33-4f37-a322-5bd66d4a28fd",
	"created_at": "2026-04-06T00:08:56.363626Z",
	"updated_at": "2026-04-10T03:21:12.324102Z",
	"deleted_at": null,
	"sha1_hash": "98b1d34397fd598968f946bb2f26e6881a46774a",
	"title": "EpsilonRed ransomware group hits one of India's financial software powerhouses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 244946,
	"plain_text": "EpsilonRed ransomware group hits one of India's financial\r\nsoftware powerhouses\r\nBy Catalin Cimpanu\r\nPublished: 2022-12-12 · Archived: 2026-04-05 16:16:33 UTC\r\nNucleus Software Exports, an Indian company that provides lending software to banks and retail stores, has\r\nsuffered a major ransomware attack that crippled some of its internal networks and encrypted sensitive business\r\ninformation.\r\nThe incident took place last Sunday, on May 30, according to a document the company filed on Tuesday with the\r\nIndian National Stock Exchange authority.\r\nIn a quarterly report filed on Thursday, NSE said it's in the process of containing the damage and recovering and\r\nrestoring impacted systems.\r\n\"So far as sensitive data is concerned, we'd like to assure our customers that there is NO financial data of any\r\ncustomer available/stored with us and therefore the question of any leakage or loss of client data does not arise,\"\r\nthe company told Indian financial regulators.\r\nBut while an NSE spokesperson has declined to comment on the attack on several occasions, members of the\r\ncyber-security community have been able to track down the ransomware strain that was deployed on the\r\ncompany's network.\r\nThe ransomware, identified as BlackCocaine, but more commonly known as EpsilonRed, is among the most\r\nrecent ransomware strains discovered.\r\nFirst spotted last month by UK security firm Sophos, the EpsilonRed gang works by targeting unpatched\r\nMicrosoft Exchange email servers vulnerable to the ProxyLogon exploit, getting a foothold on the vulnerable\r\nsystem, and then deploying a collection of PowerShell scripts to allow it to move internally inside a victim's\r\nnetwork.\r\nIn its report, Sophos said the ransomware gang has been successful in at least some of its attacks, with the\r\nsecurity firm discovering payments of $210,000 from previous incidents.\r\nWhile NSE has confirmed neither that the entry point for its breach was an Exchange server nor whether it paid\r\nthe ransom demand, the incident proves that even with tools that Sophos described as \"bare-bones,\" a ransomware\r\ngang was capable of infiltrating a major financial software supplier and holding it for ransom with little effort.\r\nBut because the ransomware is still new, its code is not yet top-notch. An Emsisoft malware analyst who took a\r\nlook at the BlackCocaine/EpsilonRed sample recommended that companies reach out in case of an attack, as\r\nthere might be ways to recover files under certain conditions.\r\nCatalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/epsilonred-ransomware-group-hits-one-of-indias-financial-software-powerhouses/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://therecord.media/epsilonred-ransomware-group-hits-one-of-indias-financial-software-powerhouses/"
	],
	"report_names": [
		"epsilonred-ransomware-group-hits-one-of-indias-financial-software-powerhouses"
	],
	"threat_actors": [],
	"ts_created_at": 1775434136,
	"ts_updated_at": 1775791272,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/98b1d34397fd598968f946bb2f26e6881a46774a.pdf",
		"text": "https://archive.orkl.eu/98b1d34397fd598968f946bb2f26e6881a46774a.txt",
		"img": "https://archive.orkl.eu/98b1d34397fd598968f946bb2f26e6881a46774a.jpg"
	}
}