The attack, which was carried out by a hacker group called EpsilonRed, crippled internal networks of Nucleus Software Exports and encrypted sensitive business information.
Nucleus Software Exports (NSE), India’s financial software powerhouse, provides lending software to India’s banks and retail stores.
The incident happened on May 30, according to a report by the company filed on Tuesday with the Indian National Stock Exchange authority.
In a quarterly report, the NSE said it is in the process of restoring data and containing the damage caused by the attack.
So far as sensitive data pertains to, the company said to financial regulators it dis not store such data:
“So far as sensitive data is concerned, we’d like to assure our customers that there is NO financial data of any customer available/stored with us and therefore the question of any leakage or loss of client data does not arise,” the company told Indian financial regulators.
Unlike the company, the researchers from the cyber-security community have revealed the ransomware strain that hit the NSE’s network – BlackCocaine, more commonly known as EpsilonRed.
EpsilonRed/BlackCocaine is a new type of ransomware and among the most recently discovered.
The EpsilonRed gang is a group of criminals that used to target the ProxyLogon exploit to gain entry to unpatched Microsoft email servers. It then deployed PowerShell scripts to allow it to execute commands inside a victim’s network.
According to security firm Sophos, the ransomware gang was able to successfully attack at least some of their victims. The company said that the attackers were able to get $210,000 from their previous attacks.
While NSE did not reveal the exact details of their breach nor if it paid the ransom demand, it is widely believed that the attack originated from an Exchange server. Also, it showed that even with “bare-bones” tools, as Sophos put it, a ransomware gang can infiltrate a major financial software provider.
Although the BlackCocaine/EpsilonRed samples are new, their code is still not yet polished. Therefore, in case of an attack, there might be ways to recover files under certain conditions, Emsisoft malware analyst noted.