Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline
By Lawrence Abrams
Published: 2020-06-22 · Archived: 2026-04-06 00:47:15 UTC
Indian conglomerate Indiabulls Group has allegedly been hit with a cyberattack from the CLOP Ransomware operators who
have leaked screenshots of stolen data.
The Indiabulls Group is an Indian conglomerate with $3.5 billion in revenue (2019), over 19,000 employees,
and subsidiaries focusing on housing, personal finance and lending, infrastructure, and pharmaceuticals.
"The Indiabulls Group is a diversified financial services group with interests in housing finance, consumer finance and
personal wealth. The Group also has a presence in Real Estate, Pharmaceuticals, Lighting and Infrastructure & Construction
Equipment Leasing. The group has a net worth of more than ₹ 28,580 Cr. (as on 31st March, 2019)," states their about page.
https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
Page 1 of 4

0:00
https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
Page 2 of 4

Visit Advertiser websiteGO TO PAGE
CLOP Ransomware claims to have breached Indiabulls
The CLOP Ransomware operators claimed to have breached Indiabulls and have posted screenshots of files that they have
allegedly stolen during the attack.
When performing a ransomware attack, the CLOP threat actors are known to steal unencrypted files before deploying the
ransomware.
These files are then posted on their 'CL0P^_- LEAKS' data leak site with a threat that more data will be leaked if the ransom
demand is not paid.
Today, the CLOP threat actors have uploaded screenshots of six stolen files with the message of "Contact us in 24H."
The leaked documents include a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals
and Indiabulls Housing Finance Limited subsidiaries.
Indiabulls leak on CLOP data leak site
It is not known how much CLOP is demanding for a ransom or when the attack occurred.
Cyberintelligence firm Bad Packets told BleepingComputer, though, that Indiabulls has an Citrix Netscaler ADC VPN
gateway exposed, which is vulnerable to the CVE-2019-19781 vulnerability.
It is not known if this is how they were potentially breached.
Threat intel firm Bad Packets said that its internet-wide scans had discovered last year that the fintech company had run
unpatched servers for a long time, leaving its systems exposed to attacks.
In March, the CLOP Ransomware operators also conducted an attack against U.S pharmaceutical company
ExecuPharm when they stole 163GB of unencrypted files. Since then, the ransomware actors have leaked it all on their data
leak site after not being paid.
BleepingComputer has contacted both CLOP and Indiabulls but has not received a response as of yet.
H/T Cyble
https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
Page 3 of 4

Update 6/22/20: Added information about vulnerable Netscaler device.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the
other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic
questions for any tool evaluation.
Source: https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
https://www.bleepingcomputer.com/news/security/indiabulls-group-hit-by-clop-ransomware-gets-24h-leak-deadline/
Page 4 of 4