Despite Pine Labs maintaining that its systems were secure, a preliminary investigation revealed that the attack affected financial institutions across India.
Pine Labs, an Indian merchant company that provides financing and last-mile retail transaction technology, is the latest victim of a ransomware attack, an investigation by Cyble Research Lab has revealed. Pine Labs was attacked by a ransomware group called BlackMatter which has emerged as a new hacking group that extorts huge sums of money. According to the report, 5,00,000 unique records including sensitive information such as phone, name, and email ids were accessed.
Cyble Research Lab is a global threat intelligence Software as a Service (SaaS) provider that helps enterprises protect themselves from cybercrimes and exposure on the dark web.
According to cybersecurity firm SophosLab, India tops the list of countries most affected by ransomware attacks. CheckPoint’s report has also indicated that ransomware attacks in India rose by 93 percent in the first six months of 2021. Holding digital information hostage is a popular way for ransomware hackers to get rich since companies are willing to pay huge sums of money to retrieve their data. India doesn’t have a data protection bill yet and there is no recourse for firms or their customers once they are targetted.
Speaking to Inc42 about the data breach, Sanjeev Kumar, the chief technology officer of Pine Labs said, “We can confidently state that our systems continue to be fully secure and our production systems continue to operate as usual and all customer data is safe.” He also told Inc42 that the data which was breached are 2014 legal business contracts and his organisation is investigating if any user laptop or server was the source of this information.
Details of the ransomware attack
Cyble Research Lab shared the following details about the attack on its website:
- The attack came to light after BlackMatter updated its victim list on its website on August 10, 2021.
- The initial findings of the investigation indicated that the attack had affected multiple financial institutions that were using Pine Labs services across India
- Service and other private agreements between multiple Indian banks/institutions and Pine Labs were exposed.
- Multiple financial records were also accessed during the attack.
Recommendations by Cyble Research Lab to protect against cyber-attacks
- Use the shared Indicators of Compromise (IoCs) to monitor and block malware infection
- Use strong passwords and enforce multi-factor authentication wherever possible
- Keep the automated software update feature on your computer, mobile, and other connected devices on
- Use a reputed antivirus and Internet security software package on your computer, laptop, and other connected devices
- Refrain from opening untrusted links and email attachments without verifying their authenticity.
Ransomware attacks in 2021
- Domino’s India was a victim of a data breach in which 1 million credit card records and 180 million pizza preferences were up for sale on the dark web. It was later reported that someone was asking for 10 bitcoins, approximately ₹4 crore, for 13TB of data which customers’ names, phone numbers, and email addresses.
- Upstox’s customer data was being sold on the dark web after a data leak by ShinyHunters. Hackers demanded a ransom of ₹9 crore to not publish the user data. The security breach leaked user data that included names, birthdates, PAN, passports, and photos of user signatures, etc. The security breach was first reported by Rajshekhar Rajaharia, an independent security researcher.
- Colonial Pipeline Co. was targetted by the DarkSide ransomware group in May this year. The attack caused widespread disruptions to fuel supply in the U.S. East Coast and the company had to pay a $4.4 million ransom in Bitcoin.
- JBS USA was a victim of a ransomware attack by REvil ransomware group after the Colonial Pipeline attack and had to shut down its operations. It paid a ransom of $11 million.
- Acer was also targetted by REvil ransomware group in March. The organization didn’t confirm whether it had been a victim of the attack and it’s not clear if it complied with the demand. The ransomware group had demanded a payout of $50 million.
- Gigabyte was hit by a ransomware attack by the RansomEXX ransomware gang recently. The ransomware gang had threatened that it will leak 112GB of data if the ransom wasn’t paid.
- Accenture Becomes Latest Victim Of A Ransomware Attack, But Says No Disruption To Operations
- T-Mobile Suffers Fifth Data Breach In Four Years As Hackers Get Away With Sensitive Data Of 100 Million Users: Report
- Delhi HC Issues Notice On Demand For CERT-In Investigation Into Domino’s, Air India Data Breaches
Have something to add? Post your comment and refer MediaNama to someone. You can find more details here.