The ransomware gang Bashe, often referred to as Eraleig or APT73 (Advanced Persistent Threat 73), first appeared in April 2024. By encrypting victims' files and threatening to leak sensitive data unless a ransom is paid, the gang has adopted strategies and methods frequently associated with the notorious LockBit group.
Bashe has claimed 72 victims on its dark web leak site in only nine months, mostly targeting sectors such as technology, finance, healthcare, and logistics in countries including Australia, France, Germany, the United States, and the United Kingdom. However, a closer examination shows that its claims are inconsistent, with many of the publicized attacks appearing to be fabricated. To maintain anonymity and avoid detection, the gang uses Tor-based infrastructure, which has been linked to malicious operations such as Meduza Stealer and TrickBot.
According to its dark web leak site, the ransomware gang has claimed to have targeted India three times, most recently in the ICICI attack. But its assertion on December 27th that it held sensitive information on more than 6 lakh Federal Bank customers did not hold up. The data the gang made public was a small Excel file that had already been published in 2021 by another ransomware outfit called "Everest." Further research showed that the file was connected to one of Federal Bank's subsidiaries rather than the bank itself.
The purported hack of Bank Rakyat Indonesia was a noteworthy event that drew attention to this ransomware outfit. The bank carried out a comprehensive examination and found no evidence of a ransomware attack, despite the gang's ransom demands. The so-called stolen material, which the gang released as an Excel file of less than 200KB, was a sample document that had already been made publicly available on websites such as Scribd and PDFcoffee.
SOCIAL MEDIA PRESENCE
The Bashe ransomware organization communicates and negotiates ransoms through several channels. Its dark web leak site lists contact details for encrypted platforms such as Tox chat, which requires a distinct session ID to preserve anonymity. To further protect its privacy, the gang has also been linked to an OnionMail email address and a Telegram account. A profile bearing its name has also been observed on X.