Bengaluru: The Lockbit ransomware group drew significant attention on October 6, 2023, when it claimed responsibility for a cyberattack on Tata Tele Business Services. The group threatened to disclose sensitive material as evidence of its unauthorized access, and subsequently published confidential information belonging to several entities. After a more thorough analysis of the available data, the research team at CloudSEK, a cybersecurity organization, found something unexpected: the presence of the administrator name “administrator.marketcity” suggests that the compromised data is in fact associated with Phoenix Mills rather than Tata Tele Business Services.
Phoenix Mills Ltd: The True Victim
Phoenix Mills Ltd is an Indian real estate development business that specializes in the creation of commercial and retail spaces. The company operates within two primary divisions, namely Property and related services, and Hospitality. The organization has gained a significant reputation for its Market City projects located in various cities including Mumbai (Kurla), Bangalore, Chennai, Pune, and Raipur. The entity that has been targeted by the Lockbit ransomware group’s attack is indeed Phoenix Mills.
Revealing the Extracted Data
The Lockbit ransomware group initially claimed to have exfiltrated vital information from Tata Tele Business Services. To back up the claim, it uploaded around 17 images of the compromised data. The images showed a range of sensitive records and documents originating from several firms, including financial data, confidential letters, credit scores, commercial interactions, and international banking records. The intrusion also exposed sensitive financial and corporate data, posing substantial threats to both financial security and confidentiality. Despite multiple attempts, The420.in was unable to reach Phoenix Mills Ltd for comment.
Analysis of the Lockbit Ransomware Group
The Lockbit ransomware group, formerly known as ABCD ransomware and linked to the Maze ransomware cartel, began operating independently in September 2019. In June 2021, it rebranded as Lockbit 2.0. The rebranding was accompanied by a notable increase in visibility, and Lockbit 2.0 emerged as a leading provider of Ransomware-as-a-Service (RaaS) in 2021.
In the first quarter of 2022, Lockbit 2.0 drew significant attention by accounting for 46% of the total leaked data supplied by ransomware collectives. Lockbit 2.0 has been recognized as the most influential Ransomware-as-a-Service (RaaS) for a continuous period of five months since its launch, indicating its substantial influence in the field.
Lockbit 3.0 was formally introduced on June 27, 2022, signifying a significant transformation in the realm of ransomware. One of the alterations implemented was the introduction of a novel extortion framework featuring three distinct pricing alternatives, strategically devised to amplify the level of coercion exerted on the organizations being targeted.
Mitigating the Impact
The misattribution of the Lockbit ransomware group's cyberattack to Tata Tele Business Services has raised several concerns. The potential consequences include financial losses from remediation, harm to the organization’s reputation, and the exposure of IP addresses and login passwords, which may result in unauthorized access to accounts. Furthermore, the disclosure of personally identifiable information (PII) could enable other malicious actors to carry out social engineering schemes, phishing attacks, and identity theft.
In addition, victims of a ransomware attack may find themselves in a perilous position if the encrypted system holds vital information that has not been properly backed up. In such circumstances, they may be compelled to give in to the ransom demands as their only viable option. Noncompliance with the ransom request may lead the group to publish the victim’s data on its public relations website or on the dark web, making it accessible to the general public, competitors, and other malicious entities.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.