{
	"id": "6cae5eef-3961-4212-a7f1-e78461be0072",
	"created_at": "2026-04-06T01:31:23.457272Z",
	"updated_at": "2026-04-10T13:11:33.452074Z",
	"deleted_at": null,
	"sha1_hash": "f7386f72ee1f17c6eb96404ee4f3e7ffb443841a",
	"title": "Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1551426,
	"plain_text": "Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline\r\nBy Lawrence Abrams\r\nPublished: 2020-06-22 · Archived: 2026-04-06 00:47:15 UTC\r\nIndian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who\r\nhave leaked screenshots of stolen data.\r\nThe Indiabulls Group is an Indian conglomerate with $3.5 billion in revenue (2019), over 19,000 employees,\r\nand subsidiaries focusing on housing, personal finance and lending, infrastructure, and pharmaceuticals.\r\n\"The Indiabulls Group is a diversified financial services group with interests in housing finance, consumer finance and\r\npersonal wealth. The Group also has a presence in Real Estate, Pharmaceuticals, Lighting and Infrastructure \u0026 Construction\r\nEquipment Leasing. The group has a net worth of more than ₹ 28,580 Cr. (as on 31st March, 2019),\" states their about page.\r\nhttps://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nCLOP Ransomware claims to have breached Indiabulls\r\nThe CLOP Ransomware operators claimed to have breached Indiabulls and have posted screenshots of files that they have\r\nallegedly stolen during the attack.\r\nWhen performing a ransomware attack, the CLOP threat actors are known to steal unencrypted files before deploying the\r\nransomware.\r\nThese files are then posted on their 'CL0P^_- LEAKS' data leak site with a threat that more data will be leaked if the ransom\r\ndemand is not paid.\r\nToday, the CLOP threat actors have uploaded screenshots of six stolen files with the message of \"Contact us in 24H.\"\r\nThe leaked documents include a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals\r\nand Indiabulls Housing Finance Limited subsidiaries.\r\nIndiabulls leak on CLOP data leak site\r\nIt is not known how much CLOP is demanding for a ransom or when the attack occurred.\r\nCyberintelligence firm Bad Packets told BleepingComputer, though, that Indiabulls has an Citrix Netscaler ADC VPN\r\ngateway exposed, which is vulnerable to the CVE-2019-19781 vulnerability.\r\nIt is not known if this is how they were potentially breached.\r\nThreat intel firm Bad Packets said that its internet-wide scans had discovered last year that the fintech company had run\r\nunpatched servers for a long time, leaving its systems exposed to attacks.\r\nIn March, the CLOP Ransomware operators also conducted an attack against U.S pharmaceutical company\r\nExecuPharm when they stole 163GB of unencrypted files. Since then, the ransomware actors have leaked it all on their data\r\nleak site after not being paid.\r\nBleepingComputer has contacted both CLOP and Indiabulls but has not received a response as of yet.\r\nH/T Cyble\r\nhttps://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/\r\nPage 3 of 4\n\nUpdate 6/22/20: Added information about vulnerable Netscaler device.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/\r\nhttps://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/"
	],
	"report_names": [
		"indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline"
	],
	"threat_actors": [],
	"ts_created_at": 1775439083,
	"ts_updated_at": 1775826693,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f7386f72ee1f17c6eb96404ee4f3e7ffb443841a.pdf",
		"text": "https://archive.orkl.eu/f7386f72ee1f17c6eb96404ee4f3e7ffb443841a.txt",
		"img": "https://archive.orkl.eu/f7386f72ee1f17c6eb96404ee4f3e7ffb443841a.jpg"
	}
}