Saturday , November 16 2024

LockBit 3.0 Leaks 600 GBs of Data Stolen From Indian Lender

infosecbulletin Tuesday , May 9 2023 Data Breach, International

The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India, two weeks after the group demanded a $3 million ransom from the company.

Fullerton India said on April 24 that it had suffered a malware attack that forced it to temporarily operate offline as a precaution. The company said it had resumed customer services and worked with global cybersecurity experts to make its security environment more resilient.

Palo Alto Networks Confirms critical RCE zero-day actively exploited

By infosecbulletin / Friday , November 15 2024
"Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall...
Read More
Palo Alto Networks Confirms critical RCE zero-day actively exploited

CISA, FBI Warns
Hacker compromised multiple teleco network at US

By infosecbulletin / Friday , November 15 2024
US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in government and politics. The FBI...
Read More
CISA, FBI Warns Hacker compromised multiple teleco network at US

(CVE-2024-52301)
Laravel Flaw Unveils Millions of Web Applications to Attack

By infosecbulletin / Friday , November 15 2024
A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With...
Read More
(CVE-2024-52301) Laravel Flaw Unveils Millions of Web Applications to Attack

Bitdefender releases free decryptor for ShrinkLocker ransomware

By infosecbulletin / Thursday , November 14 2024
Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware....
Read More
Bitdefender releases free decryptor for ShrinkLocker ransomware

Fortinet releases updates for Various Products

By infosecbulletin / Wednesday , November 13 2024
Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take...
Read More
Fortinet releases updates for Various Products

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

By infosecbulletin / Wednesday , November 13 2024
Microsoft's latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited....
Read More
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

By infosecbulletin / Monday , November 11 2024
On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

By infosecbulletin / Monday , November 11 2024
A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

By infosecbulletin / Monday , November 11 2024
Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

By infosecbulletin / Sunday , November 10 2024
Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

The ransomware group soon listed Fullerton India as a victim on its data leak site, stating it had stolen more than 600 gigabytes of “loan agreements with individuals and legal companies.”

The group set a deadline of April 29 for the company to pay the ransom to keep the group from publishing the stolen data. The group also gave the company the option to pay $1,000 to extend the deadline by 24 hours.

Fullerton India operates 699 branches across India that offer doorstep credit services to around 2.1 million customers. The company in 2022 had more than $2.5 billion worth of assets under management and employed over 13,000 people.

Ritesh Bhatia, noted cybercrime researcher and the founder of V4WEB Cybersecurity, shared evidence with Information Security Media Group about the LockBit group releasing documents related to Fullerton India on the dark web. He said the data leak occurred as a result of Fullerton India refusing to engage with the ransomware group, leading to the group initiating triple-extortion tactics to force the company to pay.

While double extortion involves ransomware actors encrypting a victim’s data and exfiltrating it to place additional pressure on the victim to pay, a triple-extortion tactic involves hackers contacting the victim’s clients, business partners, vendors and customers to make the breach public and force the victim to come to the negotiating table.

(Source: bank info security)

Check Also

typist

Russia blocks thousands websites using Cloudflare’s privacy service

Russia’s media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare’s encryption feature that …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin