In a recent cyber breach incident, ICICI Bank, a prominent Indian financial institution, fell victim to a ransomware attack orchestrated by a relatively unknown group called Bashe. This group, believed to have ties to the notorious LockBit gang, successfully infiltrated the bank’s systems and exfiltrated a portion of its data, which is now being advertised for sale on the dark web.
Bashe typically employs aggressive tactics and imposes strict deadlines by which its victims must comply with its demands. In this case, the group has set a deadline of January 24, 2025, threatening to publicly release the stolen data if its demands are not met.
ICICI Bank, a renowned institution that operates under the regulatory framework set by the Reserve Bank of India, holds a significant customer base both in India and among non-resident Indians (NRIs) worldwide. The news of the ransomware attack has sparked widespread concern, especially among Indian consumers who rely on the bank’s convenient mobile banking services. The possibility of sensitive data exposure has heightened anxieties within the banking community.
Bashe, known for targeting key sectors such as healthcare, logistics, technology, and banking, has previously conducted operations in countries like the United States, the UK, France, Germany, and Australia. While investigations have linked the group to servers in the Czech Republic, a known hub for cybercriminal activities, there is no direct evidence implicating the Czech government in these illicit actions. The elusive nature of Bashe’s operations makes them challenging to trace, and ongoing investigations are attempting to shed light on their activities.
As of now, ICICI Bank has refrained from commenting on the allegations of a data breach, as its incident response team is actively investigating the incident.
This incident is not the first time ICICI Bank has faced data security issues. In 2023, the bank came under fire for storing sensitive customer data on inadequately secured servers, leading to a data leak that exposed a wide array of personal information including phone numbers, emails, identification documents, CVs, addresses, credit card details, and account information.
The implications of this ransomware attack on ICICI Bank underscore the growing threat posed by cybercriminals to financial institutions and the imperative for robust cybersecurity measures to safeguard sensitive data. The incident serves as a stark reminder of the ever-present risks in the digital age and the importance of proactive cybersecurity strategies in mitigating such threats.