Ransomware Attack on Axis Bank by Clop Hacker Gang Averted?


Days after news of a ransomware attack on Axis Bank surfaced, the Clop ransomware group removed India’s largest private sector lender from its leak site.

“CL0P #ransomware group have removed the Major #Indian private sector bank which was listed as a victim in their leaks site last week,” tweeted cybersecurity company Falcon Feeds today, along with the earlier tweet.

Ransomware Attack on Axis Bank
(Source: Falcon Feeds/Twitter)

A similar instance happened last month, when the LockBit ransomware group removed financial data firm ION Group’s name from its extortion website, indicating that a ransom may have been paid.

Axis Bank has yet to reply to requests for comment from The Cyber Express on whether a ransom was paid.

Ransomware attack on Axis Bank

On March 10, several Twitter handles such as @FalconFeedsio and @TMRansomMonitor, along with cybersecurity researcher Dominic Alvieri, tweeted about the ransomware attack on Axis Bank and the Clop ransomware group listing it as a victim.

“CL0P^_-Leaks posts India’s third largest private sector bank in Axis Bank and Alivia Health, Puerto Rico’s largest coalition of pharmacies,” tweeted cybersecurity researcher Dominic Alvieri on March 10.

Subsequently, a Twitter user replied on 12 March that the post on the leak site was no longer there.

If confirmed, this would be the latest of the cybersecurity incidents Axis Bank has faced in recent years.

Apart from the regular phishing and hacking campaigns common for large banks, Axis Bank faced a major PR crisis in 2016 after it suffered a data breach. 

Axis Bank and 2016 data breach 

Cybersecurity company Kaspersky Lab notified the bank in early 2016 that several of its computers had been compromised. Upon investigation, Axis discovered an unauthorized login by an unnamed offshore hacker.  

The bank in October 2016 filed a preliminary report about the breach with the Reserve Bank of India (RBI) and hired EY to investigate the incident. According to the Axis Bank spokesperson, there have been no reports of fund transfers.  

RBI advised bank chairmen to review their nostro accounts and carry out hourly reconciliation of payment emails by comparing outward messages with SWIFT confirmations, reported The Economic Times.  

“Most Indian banks, including institutions which are listed abroad, keep cyber-attacks under wraps and rarely inform the regulator,” said the report. 

Axis Bank has a vulnerability disclosure policy in place, welcoming any alerts on system bugs or suspicious activities in the bank’s operations. 

“If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner. We will validate and fix vulnerabilities in accordance with our policies,” said the statement. 

“Axis Bank reserves all of its legal rights in the event of any noncompliance to the applicable laws and regulations,” it added. 

Axis Bank and the possibility of ransom payment 

Ransomware gangs usually list organizations as victims as part of their extortion campaigns. Journalists at The Cyber Express have reported on the names of organizations being removed after the ransom was paid. 

The LockBit ransomware group, responsible for the cyberattack on financial data company ION Group, removed the company’s name last month after announcing that a ransom had been paid.

However, the group did not disclose the specific amount or offer any evidence of payment. ION Group declined to comment.

According to the Reserve Bank of India, the responsibility of protecting and retrieving data and mitigating the damage falls on the bank in the event of a cyberattack.  

“Banks need to take effective measures to prevent cyber-attacks and to promptly detect any cyber-intrusions so as to respond /recover/contain the fall out,” said RBI’s statement on Cyber Security Framework in Banks. 

According to the statement, banks should take necessary preventive and corrective actions to address almost all possible cyber threats, including ransomware attacks. 
