Massive Ransomware Leak at India’s CredRight

By Bogdan Pătru, Tech Writer. 15 June 2024

Fact-checked by Alex Popa

An unknown hacker posted a massive database of information belonging to India’s CredRight. CredRight is a lending platform that connects micro, small, and medium companies to NBFCs and banks. CredRight hasn’t confirmed the breach.

  • The hackers haven’t disclosed their identity, so it’s unclear if this was the work of a legitimate ransomware gang or a rogue cybercriminal operator
  • The data leak is supposedly massive, involving 40 GB of highly sensitive information
  • The attack was marked as a ransomware hit, but it’s unclear if that’s the case, given that there’s no evidence of any demands or negotiations
  • Another theory is that the hackers skipped the entire negotiation process and started selling the data immediately

In most ransomware attacks, the hackers will leave a ransom note behind and demand payment to delete the stolen data. They will always attempt to get money from the victim first and only sell the data as a last resort.

That’s because the victim is the most interested in the data. If negotiations fail or the target company simply refuses to contact the hackers, only then will they market the stolen data. It’s unclear whether CredRight’s situation falls in the former or the latter category.

X post showing the CredRight database breach: https://x.com/FalconFeedsio/status/1801563734806249547

It’s important to note that the data leak contained a lot of customer information, which is already a massive problem for CredRight. Ransomware attacks, or any other cyberbreaches that result in considerable data leaks, are always a reason for concern.

That’s true for both the company being breached and the victims who are directly impacted by the data leak. The company can be held liable for any data leak that may result from poor cyber defences.

This is why many victims refuse to acknowledge or report the breaches. It’s unclear if this is the case with CredRight, and it hasn’t been confirmed whether the attack actually took place.

But, from the initial reports, the breach seems to be legit.

Who Attacked CredRight?

Realistically speaking, it could be anyone. Most likely, though, it’s a legitimate ransomware entity, one that values privacy and money more than fame. This would explain why nobody has claimed the attack openly.

This usually happens with ransomware gangs that have been targeted by law enforcement agencies. Delivering anonymous hits allows them to continue their operations without attracting even more heat from CISA, FBI, or Interpol.

It’s important to note that, despite remaining publicly anonymous, the hackers may reveal their identities to the victims, especially if the data being stolen is of high value. That’s because the hackers can negotiate with the victim behind the scenes.

The victim doesn’t want to report the breach to the local authorities, while the hackers don’t want their identity exposed publicly. So, they agree to settle the matter behind the curtains. This usually consists of the ransom being paid far from the public eye.

This doesn’t appear to be the case with the CredRight situation, as the hackers have leaked the identity of the victim. So, they’re either not interested in any agreement, or negotiations have failed, so now they’re making the most of a failed situation.

Whatever the case may be, the situation is still developing.
