www.cloudsek.com Open in urlscan Pro
2606:4700:3034::6815:bad Public Scan

Back to summary

URL:
https://www.cloudsek.com/blog/major-payment-disruption-ransomware-strikes-indian-banking-infrastructure
Submission: On September 06 via api (September 6th 2024, 9:12:46 am UTC) from IN — Scanned from US

Form analysis
1 forms found in the DOM

Name: email-form — GET

<form id="email-form" name="email-form" data-name="Email Form" method="get" class="form-v" data-wf-page-id="643d86bee5710968d7e506fa" data-wf-element-id="2ea9d89e-b6c8-5dfa-9484-0f34ae39de82" aria-label="Email Form">
  <div class="form-wrap"><input class="text-field-2 w-input" maxlength="256" name="Email-Form-Career" data-name="Email Form Career" placeholder="Enter your email" type="email" id="Email-Form-Career"><input type="submit" data-wait="Please wait..."
      class="button-primary-l-2 w-button" value="Get started"></div><label class="w-checkbox checkbox-field-2">
    <div class="w-checkbox-input w-checkbox-input--inputType-custom checkbox-2"></div><input type="checkbox" id="checkbox" name="checkbox" data-name="Checkbox" style="opacity:0;position:absolute;z-index:-1"><span class="checkbox-label-2 w-form-label"
      for="checkbox">I agree with <a href="#" class="text-link">Terms and Condition</a></span>
  </label>
</form>

Text Content

We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or
content, and analyze our traffic. By clicking "Accept All", you consent to our
use of cookies.

Customize Reject All Accept All
Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions.
You will find detailed information about all cookies under each consent category
below.

The cookies that are categorized as "Necessary" are stored on your browser as
they are essential for enabling the basic functionalities of the site. ... Show
more

NecessaryAlways Active

Necessary cookies are required to enable the basic features of this site, such
as providing secure log-in or adjusting your consent preferences. These cookies
do not store any personally identifiable data.

* Cookie
AWSALBCORS
* Duration
7 days
* Description
Amazon Web Services set this cookie for load balancing.

* Cookie
__cfruid
* Duration
session
* Description
Cloudflare sets this cookie to identify trusted web traffic.

* Cookie
__cf_bm
* Duration
1 hour
* Description
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

* Cookie
_GRECAPTCHA
* Duration
6 months
* Description
Google Recaptcha service sets this cookie to identify bots to protect the
website against malicious spam attacks.

* Cookie
JSESSIONID
* Duration
session
* Description
New Relic uses this cookie to store a session identifier so that New Relic
can monitor session counts for an application.

Functional

Functional cookies help perform certain functionalities like sharing the content
of the website on social media platforms, collecting feedback, and other
third-party features.

* Cookie
li_gc
* Duration
6 months
* Description
Linkedin set this cookie for storing visitor's consent regarding using
cookies for non-essential purposes.

* Cookie
lidc
* Duration
1 day
* Description
LinkedIn sets the lidc cookie to facilitate data center selection.

* Cookie
UserMatchHistory
* Duration
1 month
* Description
LinkedIn sets this cookie for LinkedIn Ads ID syncing.

* Cookie
lang
* Duration
session
* Description
LinkedIn sets this cookie to remember a user's language setting.

Analytics

Analytical cookies are used to understand how visitors interact with the
website. These cookies help provide information on metrics such as the number of
visitors, bounce rate, traffic source, etc.

* Cookie
CLID
* Duration
1 year
* Description
Microsoft Clarity set this cookie to store information about how visitors
interact with the website. The cookie helps to provide an analysis report.
The data collection includes the number of visitors, where they visit the
website, and the pages visited.

* Cookie
_ga_*
* Duration
1 year 1 month 4 days
* Description
Google Analytics sets this cookie to store and count page views.

* Cookie
_ga
* Duration
1 year 1 month 4 days
* Description
Google Analytics sets this cookie to calculate visitor, session and campaign
data and track site usage for the site's analytics report. The cookie stores
information anonymously and assigns a randomly generated number to recognise
unique visitors.

* Cookie
_gid
* Duration
1 day
* Description
Google Analytics sets this cookie to store information on how visitors use a
website while also creating an analytics report of the website's performance.
Some of the collected data includes the number of visitors, their source, and
the pages they visit anonymously.

* Cookie
_gcl_au
* Duration
3 months
* Description
Google Tag Manager sets the cookie to experiment advertisement efficiency of
websites using their services.

* Cookie
_gat_UA-*
* Duration
1 minute
* Description
Google Analytics sets this cookie for user behaviour tracking.

* Cookie
_clck
* Duration
1 year
* Description
Microsoft Clarity sets this cookie to retain the browser's Clarity User ID
and settings exclusive to that website. This guarantees that actions taken
during subsequent visits to the same website will be linked to the same user
ID.

* Cookie
_gat_gtag_UA_*
* Duration
1 minute
* Description
Google Analytics sets this cookie to store a unique user ID.

* Cookie
_clsk
* Duration
1 day
* Description
Microsoft Clarity sets this cookie to store and consolidate a user's
pageviews into a single session recording.

* Cookie
MR
* Duration
7 days
* Description
This cookie, set by Bing, is used to collect user information for analytics
purposes.

* Cookie
SM
* Duration
session
* Description
Microsoft Clarity cookie set this cookie for synchronizing the MUID across
Microsoft domains.

* Cookie
AnalyticsSyncHistory
* Duration
1 month
* Description
Linkedin set this cookie to store information about the time a sync took
place with the lms_analytics cookie.

* Cookie
rxVisitor
* Duration
session
* Description
This cookie is set by the provider Dynatrace. This cookie is used to store
the visitor ID for the returning visitors.

Performance

Performance cookies are used to understand and analyze the key performance
indexes of the website which helps in delivering a better user experience for
the visitors.

* Cookie
SRM_B
* Duration
1 year 24 days
* Description
Used by Microsoft Advertising as a unique ID for visitors.

* Cookie
AWSALB
* Duration
7 days
* Description
AWSALB is an application load balancer cookie set by Amazon Web Services to
map the session to the target.

* Cookie
rxvt
* Duration
session
* Description
This cookie is set by the provider Dynatrace. This is a session cookie used
to store two timestamps.

Advertisement cookies are used to provide visitors with customized
advertisements based on the pages you visited previously and to analyze the
effectiveness of the ad campaigns.

* Cookie
_rdt_uuid
* Duration
3 months
* Description
Reddit sets this cookie to build a profile of your interests and show you
relevant ads.

* Cookie
bcookie
* Duration
1 year
* Description
LinkedIn sets this cookie from LinkedIn share buttons and ad tags to
recognize browser IDs.

* Cookie
li_sugr
* Duration
3 months
* Description
LinkedIn sets this cookie to collect user behaviour data to optimise the
website and make advertisements on the website more relevant.

* Cookie
MUID
* Duration
1 year 24 days
* Description
Bing sets this cookie to recognise unique web browsers visiting Microsoft
sites. This cookie is used for advertising, site analytics, and other
operations.

* Cookie
ANONCHK
* Duration
10 minutes
* Description
The ANONCHK cookie, set by Bing, is used to store a user's session ID and
verify ads' clicks on the Bing search engine. The cookie helps in reporting
and personalization as well.

* Cookie
bscookie
* Duration
1 year
* Description
LinkedIn sets this cookie to store performed actions on the website.

Uncategorized

Other uncategorized cookies are those that are being analyzed and have not been
classified into a category as yet.

* Cookie
AWSALBTGCORS
* Duration
7 days
* Description
No description available.

* Cookie
AWSALBTG
* Duration
7 days
* Description
No description available.

* Cookie
_cfuvid
* Duration
session
* Description
Description is currently not available.

* Cookie
li_alerts
* Duration
1 year
* Description
Description is currently not available.

Reject All Save My Preferences Accept All
Powered by
Home
Product
CloudSEK XVigil
External Digital Risk Protection

CloudSEK BeVigil Enterprise
Attack Surface Monitoring

CloudSEK SVigil
Software and Supply chain Risk Monitoring and Protection

CloudSEK BeVigil Community
Application Scanner

CloudSEK Exposure
Check if your organisation's data is in a data breach
Solutions
Cyber Threats Monitoring

Dark web monitoring

Brand Threats Monitoring

Infrastructure Monitoring

Partner Secret Scanning

BeVigil Jenkins CI

BeVigil OSINT CLI

BeVigil Asset Explorer
Resources

RESOURCES

Blog
The latest industry news, updates and info.

Threat Intelligence
Get up and running on new threat reports and techniques.

Knowledge Base
Basics of Cybersecurity and see more definitions

Whitepapers & Reports
The content team broke their backs making these reports.

Customer stories
Learn how our customers are making big changes. You have got good company!

COMPANY

Integrations
We are more connected than you know. Explore all Integrations

Partners
100s of partners and one Shared goal; Secure future for all us.

About us
Learn about our story and our mission statement.

Life at CloudSEK
A sneak peek at the awesome life at CloudSEK.

Careers
We're hiring!
We are in love with undeniable talent. Join our team!

Legal
All the boring but necessary legalese that legal made us add.

RESOURCES

BLOG POSTS

Securing Labor Day: Navigating the Rising Tide of Phishing Scams and Fraudulent
Job Offers
Read Now
All Blog Posts

WHITEPAPERS & REPORTS

Beyond the Storefront: E-commerce and Retail Threat Insights
Read the Report now!
All Reports

Adversary Intelligence
mins read

MAJOR PAYMENT DISRUPTION: RANSOMWARE STRIKES INDIAN BANKING INFRASTRUCTURE

CloudSEK's threat research team has uncovered a ransomware attack disrupting
India's banking system, targeting banks and payment providers. Initiated through
a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is
linked to the RansomEXX group.

CloudSEK TRIAD

Last Update posted on
August 1, 2024

Schedule a Demo
Table of Contents

* Text Link
* Text Link
*

* Executive Summary
* Understanding the Potential Attack Chain

* Analysis and Attribution
* Below is a detailed analysis of the RansomEXX v2.0 ransomware group:

* Attack History
* Larger Impact and Current Situation Analysis

* Threat Actor Activity and Rating
* References
* Appendix

Author(s)

CloudSEK TRIAD

Category: Adversary Intelligence

Industry: BFSI

Region: Asia

Motivation: Financial

TLP: AMBER

‍

EXECUTIVE SUMMARY

CloudSEK's threat research team is closely monitoring a significant ransomware
attack that has disrupted India's banking ecosystem, impacting banks and payment
providers. This report aims to dissect the attack chain, uncover adversary
tactics, and offer actionable insights for organizations to enhance their
security posture. As the situation is still unfolding, this report will provide
ongoing updates and recommendations to address the evolving threat landscape.

The impacted entity in this case is Brontoo Technology Solutions, a key
collaborator with C-EDGE, a joint venture between TCS and SBI. This report aims
to explore the broader implications of this attack on the ecosystem.

‍

UNDERSTANDING THE POTENTIAL ATTACK CHAIN

According to the report filed by Brontoo Technology Solutions with CertIn(Indian
Computer Emergency Response Team) it was mentioned that the attack chain started
at a misconfigured jenkins server. CloudSEK threat research team was able to
identify the affected jenkins server and subsequently the attack chain.

In the recent history we have published extensively on the exploitation of
Jenkins using a local file inclusion vulnerability, read about the case study
here and the complete exploit chain here

Screenshot of shodan identifying the said vulnerability in the targeted server

‍

* Vulnerability: CVE-2024-23897: The Jenkins instance used by Brontoo
Technology was affected by the same LFI CVE which can be leveraged to read
internal code or in this case as port 22 was open, get secure shell access by
reading the private keys.
* A primary part of the ransomware world is the Initial Access Brokerage, we
suspect(with low confidence) looking at the history and recent attack chains
exploited, this access could have been sold by IntelBroker(A threat
actor/Moderator from breachforums) to RansomEXX group for further
exploitation.

‍

This flowchart shows the attack path of compromising the Jenkins server using
said vulnerability

‍

ANALYSIS AND ATTRIBUTION

Through our investigation and leveraging sensitive sources, we have confirmed
that the ransomware group responsible for this attack is RansomEXX. This
determination was facilitated by our extensive engagement with the affected
banking sector in India

‍

RansomEXX v2.0 is a sophisticated variant of the RansomEXX ransomware, known for
targeting large organizations and demanding significant ransom payments. This
group operates as part of a broader trend where ransomware developers
continuously evolve their malware to bypass security defenses and maximize their
impact.

‍

BELOW IS A DETAILED ANALYSIS OF THE RANSOMEXX V2.0 RANSOMWARE GROUP:

‍

1. Background and Evolution

* Initial Emergence: RansomEXX, initially known as Defray777, first appeared in
2018. It was rebranded to RansomEXX in 2020.
* Evolution to v2.0: The v2.0 variant emerged as a response to the increasing
effectiveness of defensive measures. This evolution indicates enhancements in
encryption techniques, evasion tactics, and payload delivery methods.

‍

2. Infection Vectors and Tactics

* Initial Access: Common vectors include phishing emails, exploiting
vulnerabilities in remote desktop protocols (RDP), and leveraging weaknesses
in VPNs and other remote access services.
* Lateral Movement: After initial access, the group employs tools like Cobalt
Strike, Mimikatz, and other legitimate administrative tools to move laterally
within a network.
* Privilege Escalation: Utilizing known exploits and credential theft to gain
higher privileges within the compromised environment.(Please look at the
Appendix for complete table)

‍

3. Payload and Encryption

* Encryption Algorithm: RansomEXX v2.0 uses strong encryption algorithms, such
as RSA-2048 and AES-256, making file recovery without the decryption key
virtually impossible.
* File Encryption: Targets critical files and backups, rendering them
inaccessible. The group often exfiltrated data before encryption to use it as
leverage (double extortion).

‍

4. Ransom Demands and Negotiation

* Ransom Notes: Victims receive detailed ransom notes with instructions for
payment, typically in Bitcoin or other cryptocurrencies.
* Negotiation Tactics: RansomEXX is known to engage in negotiations, sometimes
lowering ransom demands based on the victim's response and perceived ability
to pay.

‍

5. Notable Incidents

* High-Profile Attacks: RansomEXX has targeted a range of high-profile
organizations across various sectors, including government agencies,
healthcare providers, and multinational corporations.
* Impact and Response: The attacks have resulted in significant operational
disruptions, data breaches, and financial losses. Many victims have resorted
to paying the ransom to restore operations quickly.

‍

6. Recent Developments

* Adaptive Techniques: RansomEXX v2.0 continues to evolve, incorporating new
techniques to bypass security measures. Recent reports indicate the use of
stolen digital certificates to sign malware, increasing trust and reducing
detection rates.
* Collaboration with Other Threat Actors: There is evidence of collaboration
with other cybercriminal groups, sharing tools, techniques, and
infrastructure.

‍

ATTACK HISTORY

While analyzing the attack history we found the following information:

‍

1. Region Wise distribution: The Ransomware group has majorly been active in
Europe, Asia and America region. They target continents and regions with maximum
chance of payout

Pie Chart showing region wise distribution of attacks

‍

2. Sector wise distribution: We can see that the most targeted industries are
Government followed by Technology then Manufacturing, Telecom as well as
Healthcare.All of these industries are business critical and have the maximum
chance of a payout or reputation upliftment

Pie chart showing the distribution of sector wise attacks

‍

3. Timeline of attacks: Since the ransomware group has been rebranded they have
had a total of 58 victims, following timeline represents the number of attacks
per year:

‍

4. Some Notable hacks: As mentioned above RansomEXX is known to target High
value organizations, following are some of the notable organizations they have
attacked.

1. Telecommunications Services of Trinidad and Tobago
2. Ministry of Defense of Peru
3. Kenya Airways
4. Ferrari
5. Viva Air
6. LITEON

‍

LARGER IMPACT AND CURRENT SITUATION ANALYSIS

* This attack highlights a significant vulnerability within our current systems
and threat modeling practices. Large organizations with substantial security
budgets are more challenging to breach, prompting attackers to exploit the
path of least resistance. Consequently, supply chain attacks have become
increasingly prevalent. The key takeaway from this report is not only that
the primary organization should maintain an updated Jenkins server, but all
critical vendors must also ensure their Jenkins servers are consistently up
to date.
* This situation is still evolving, with negotiations ongoing with the
ransomware group, and the data has yet to be published on their PR website.
* The ransomware group has a history of making extravagant ransom demands, and
we anticipate a similar approach in this case.
* These groups are meticulous in assessing the victim's payment capabilities
and the nature of the encrypted data, which they use as leverage.

‍

THREAT ACTOR ACTIVITY AND RATING

Threat Actor Profiling

Active since: Original group(Defray777) active since 2018

PR website:
hxxp[:]//rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion

Current Status: Active and a sudden surge in activity

History: Targets High value organizations

‍

REFERENCES

* *Intelligence source and information reliability - Wikipedia
* #Traffic Light Protocol - Wikipedia
* https://www.cloudsek.com/blog/born-group-supply-chain-breach-in-depth-analysis-of-intelbrokers-jenkins-exploitation
* https://www.cloudsek.com/blog/xposing-the-exploitation-how-cve-2024-23897-led-to-the-compromise-of-github-repos-via-jenkins-lfi-vulnerability

‍

APPENDIX

MITRE framework mapped to TTPs

‍

Initial Access

-Phishing: Spear Phishing Attachment (T1566.001): Attackers use targeted
phishing emails with malicious attachments.

- Exploit Public-Facing Application (T1190): Exploiting vulnerabilities in
public-facing applications.

- Valid Accounts (T1078): Using stolen or brute-forced credentials.

‍

Execution

- Command and Scripting Interpreter: PowerShell (T1059.001): Utilizing
PowerShell scripts to execute malicious commands.

- Command and Scripting Interpreter: Windows Command Shell (T1059.003): Using
the command prompt to execute malicious commands.

- System Services: Service Execution (T1569.002): Using Windows services to
execute the ransomware payload.

‍

Persistence

- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
(T1547.001): Modifying registry keys or adding files to the startup folder.

- Create or Modify System Process: Windows Service (T1543.003): Creating or
modifying Windows services for persistence.

‍

Privilege Escalation

- Exploitation for Privilege Escalation (T1068): mExploiting vulnerabilities to
escalate privileges.

- Valid Accounts: Local Accounts (T1078.003): Using local administrator
accounts.

‍

Defense Evasion

- Obfuscated Files or Information (T1027): Using obfuscation techniques to avoid
detection.

- Deobfuscate/Decode Files or Information (T1140): Decrypting or decoding files
to execute payloads.

- Disabling Security Tools (T1562.001): Disabling antivirus and other security
tools.

‍

Credential Access

- OS Credential Dumping: LSASS Memory (T1003.001): Dumping credentials from the
LSASS process.

- OS Credential Dumping: NTDS (T1003.003): Dumping Active Directory credentials.

‍

Discovery

- Network Service Discovery (T1046): Enumerating network services.

- System Information Discovery (T1082): Gathering information about the OS and
hardware.

- Process Discovery (T1057): Enumerating running processes.

‍

Lateral Movement

- Remote Services: Remote Desktop Protocol (T1021.001): Using RDP to move
laterally within the network.

- Remote Services: SMB/Windows Admin Shares (T1021.002): Using SMB shares to
move laterally and deploy ransomware payloads.

‍

Collection

- Data from Local System (T1005): Collecting data from the local system.

- Data Staged: Local Data Staging (T1074.001): Staging collected data locally
before encryption or exfiltration.

‍

Exfiltration

- Exfiltration Over C2 Channel (T1041): Exfiltrating data over an established
command and control (C2) channel.

- Exfiltration Over Web Service (T1567.002): Using web services to exfiltrate
data.

‍

Impact

- Data Encrypted for Impact (T1486): Encrypting files on the victim’s system.

- Service Stop (T1489): Stopping services to facilitate encryption and hinder
recovery efforts.

- Inhibit System Recovery (T1490): Deleting or disabling backup and recovery
systems.

‍

Indicators Of Compromise:

SHA256

62e9d5b3b4d5654d6ec4ffdcd7a64dfe5372e209b306d07c6c7d8a883e01bead

6962e408aa7cb3ce053f569415a8e168a4fb3ed6b61283c468f6ee5bbea75452

981e6f2584f5a4efa325babadcb0845528e8147f3e508c2a1d60ada65f87ce3c

98266835a238797f34d1a252e6af0f029c7823af757df10609f534c4f987e70f

ad635630ac208406cd28899313bef5d4e57dba163018dfb8924de90288e8bab3

b6ed0a10e1808012902c1a911cf1e1b6aa4ad1965e535aebcb95643ef231e214

b89742731932a116bd973e61628bbe4f5d7d92b53df3402e404f63003bac5104

d931fe8da243e359e9e14f529eafe590b8c2dd1e76ca1ad833dd0f927648f88b

ec2a22d92dd78e37a6705c8116251fabdae2afecb358b32be32da58008115f77

f9c6dca22e336cf71ce4be540905b34b5a63a7d02eb9bbd8a40fc83e37154c22

09c99e37121722dd45a2c19ff248ecfe2b9f1e082381cc73446e0f4f82e0c468

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458

78147d3be7dc8cf7f631de59ab7797679aba167f82655bcae2c1b70f1fafc13d

cb408d45762a628872fa782109e8fcfc3a5bf456074b007de21e9331bb3c5849

259670303d1951b6b11491ddf8b76cad804d7a65525eac08a5b6b4473b42818b

48301f37e92a9d5aa29710bda4eee034dd888a3edd79e2f74990300ffd8eb3b6

48460c9633d06cad3e3b41c87de04177d129906610c5bbdebc7507a211100e98

4b8103cd9fbb0efb472cbf39715becacf098f7ee44bf98f6672278e4e741542b

5c3569c166654eed781b9a2a563adec8e2047078fdcbafcdef712fabf2dd3f57

5ccf8c6bf9c39ccb54c5ebabd596a1335da522d70985840036e50e3c87079ab4

335d1c6a758fcce38d0341179e056a471ca84e8a5a9c9d6bf24b2fb85de651a5

452c219223549349f3b2c4fe25dfef583900f8dac7d652a4402cf003bf5ecf46

URLs

hxxp://iq3ahijcfeont3xx.sm4i8smr3f43.com

hxxps://iq3ahijcfeont3xx.tor2web.blutmagie.de

hxxp://iq3ahijcfeont3xx.fenaow48fn42.com

hxxp://iq3ahijcfeont3xx.sm4i8smr3f43.com

‍

AUTHOR

CloudSEK TRIAD

CloudSEK Threat Research and Information Analytics Division

PREDICT CYBER THREATS AGAINST YOUR ORGANIZATION

Schedule a Demo
Related Posts
Ransomware
November 4, 2023

UNDERGROUND MARKETPLACE UNVEILS NEW RANSOMWARE OFFERING QBIT WITH ADVANCED
ENCRYPTION & CUSTOMIZATION

On 23 October 2023, CloudSEK’s Threat Intelligence Team detected a
Ransomware-as-a-Service (RaaS) group, named QBit introducing a newly developed
ransomware written in Go, boasting advanced features to optimize its malicious
operations.

Malware
July 28, 2023

AMADEY EQUIPPED WITH AV DISABLER DROPS REDLINE STEALER

Our researchers have found out The Amadey botnet is now using a new Healer AV
disabler to disable Microsoft Defender and infect target systems with Redline
stealer.

Threat Intelligence
July 11, 2023

BREAKING INTO THE BANDIT STEALER MALWARE INFRASTRUCTURE

CloudSEK's threat researchers discovered a new Bandit Stealer malware web panel
on 06 July 2023, with at least 14 active instances.

JOIN 10,000+ SUBSCRIBERS

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

SECURE YOUR ORGANISATION WITH OUR AWARD WINNING PRODUCTS

CloudSEK Platform is a no-code platform that powers our products with predictive
threat analytic capabilities.

Digital Risk Protection platform which gives Initial Attack Vector Protection
for employees and customers.

Learn more about XVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection
for Software Supply Chain risks.

Learn more about SVigil

Creates a blueprint of an organization's external attack surface including the
core infrastructure and the software components.

Learn more about BeVigil Ent

Instant Security Score for any Android Mobile App on your phone. Search for any
app to get an instant risk score.

Learn more about BeVigil
Join our newsletter

We’ll send you a nice letter once per week. No spam.
Product
XVigil
BeVigil
SVigil
New
Tutorials
Pricing
Releases
Company
About us
Careers
Press
News
Media kit
Contact
Resources
Blog
Newsletter
Events
Help centre
Tutorials
Support
Use Cases
Startups
Enterprise
Government
SaaS
Marketplaces
Ecommerce
Social
Twitter
LinkedIn
Facebook
GitHub
AngelList
Dribbble
© 2077 Untitled UI
PrivacyGDPRDisclosure of Vulnerability

Products
XVigil

BeVigil Enterprise

SVigil

BeVigil

CloudSEK Exposure

Mobile App

Solutions
Cyber Threats Monitoring

Dark Web Monitoring

Brand Threat Monitoring

Infra Threat Monitoring

Partners Secret Scanning

BeVigil Jenkins CI

BeVigil OSINT CLI

BeVigil Asset Explorer

Takedowns

Resources
Blogs and Articles

Threat Intelligence

Whitepapers and Reports

Knowledge Base

Integrations

Community
Discord Community

CloudSEK News

CloudSEK Community

Company
About us

Customers

Partners

Life at CloudSEK

Secure Sips

Careers

Announcements

Press

At CloudSEK, we combine the power of Cyber Intelligence, Brand Monitoring,
Attack Surface Monitoring, Infrastructure Monitoring and Supply Chain
Intelligence to give context to our customers’ digital risks.

GDPR Policy

Privacy

Vulnerability Disclosure

Subscribe our newsletter

I agree with Terms and Condition
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Adversary Intelligence

min read

MAJOR PAYMENT DISRUPTION: RANSOMWARE STRIKES INDIAN BANKING INFRASTRUCTURE

Authors
CloudSEK TRIAD
CloudSEK Threat Research and Information Analytics Division

Co-Authors
CloudSEK TRIAD