Axis Bank is one of the largest Banks in India with revenues of over $5.5 billion. The Bank has become a subject of a ransomware attack. The attack has been carried out by the CLOP ransomware threat actor.
Key points about the Axis Bank ransomware attack
- As of 13th March 2023, the CLOP ransomware group has removed Axis Bank from the list of its victims. This, effectively, puts an end to all speculation around the latest ransomware cyber incident targeted toward Axis Bank. A full sequence of events that unfolded over the last 3 days is shared below for a case study.
- The information about the ransomware attack was updated by the CLOP ransomware threat actor on 10th March 2023.
- CLOP ransomware group has disclosed the name of Axis Bank as its latest victim on the leaks website. The information has been widely shared on Twitter by security professionals and cyber-security leaders. You can check one such update about the incident on this page. A screenshot of the tweet dated 10th March 2023 is shared below.
- The type of attack carried out on the Axis Bank infrastructure is unknown at this point in time.
- There has been no official confirmation of the attack from the Bank.
- It remains to be seen if this is a data breach incident. Or, if it is a full-scale encryption event. Generally speaking, the Banks are adequately protected against emerging threats or old threats.
- It is too early to gauge the extent of this attack. It may well end up being an attack on one of the third parties affiliated with Axis Bank’s support services.
- No information about ransom demand is available at this point in time.
We will update this story as more details emerge in the next few days. For now, we can confirm that:
- The website of Axis Bank is working seamlessly. You can check it live on https://www.axisbank.com/.
- The phone support of Axis Bank is working smoothly.
- The Banking app of Axis Bank is working fine as we write this.
It appears that there has been no impact on the customer-facing functions of the Axis Bank banking operations.
Given this understanding, it is not clear what the target of this attack by CLOP is. The head office of Axis Bank is located in Mumbai. Was the Mumbai office the subject of this cyber-attack? On a similar note, Axis Bank has multiple offices all through the country in India. And, it uses a network of third-party service providers for a range of services.
As mentioned above, we will update this cyber incident report once we get confirmed details of the data breach or the ransomware attack.
Meanwhile, we can confirm that Axis Bank became a subject of data breach incidents in the months of February 2022 and in October 2016. On both instances, Axis Bank had informed the Indian central Bank about unauthorized access into its systems by a hacker.
The Indian central Bank or the Reserve Bank of India has one of the most well-established security practices in the world for all the private and national Banks of India. So, it remains to be seen if the purported attack on Axis Bank brings any meaningful impact on the Banking operations of the Bank.
About Axis Bank
Axis Bank is the third largest private bank in India. It’s main office is based in the city of Mumbai. Axis Bank has 4,758 domestic branches (including extension counters) with 10,990 ATMs & 5,972 cash recyclers spread across India as of 31st March 2022.
The Bank has eight international offices in Singapore, Dubai (at DIFC), and Gift City-IBU; representative offices in Dhaka, Dubai, Abu Dhabi, Sharjah and an overseas subsidiary in London, UK.
The Bank has a revenue in excess of $5 billion. It was set up in the year 1994 and has made consistent progress over the past 25 years to emerge as one of the biggest private Banks in India.
About CLOP ransomware
CLOP is a ransomware operator that uses vulnerabilities within the IT infrastructure to drop malware files and encrypt the files with .CLOP extension. It can target computers that may be running Windows XP, Windows7, Windows8, Windows8.1, and Windows 10. It can use the AES cipher standard to encrypt files and seek ransom payments.
Clop virus’ name originates from the Russian “klop,” which means “bed bug”. It is considered one of the most potent malware software used by ransomware threat actors to target corporate networks and infrastructure.
Most read cyber incident stories from this month:
- Hafele suffers ransomware attack
- Reventics experiences a cyber attack
- ION Trading ransomware attack update
- Canada’s Indigo book store targeted in cyber attack
- Royal Mail ransomware attack update
- Acer experiences a data breach incident
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.