The ransomware attack on C-Edge Technologies Ltd., a joint venture of Tata Consultancy Services Ltd. and State Bank of India, has been attributed to the RansomEXX group, according to a CloudSEK report.
The attacking group used RansomEXX v2.0, a sophisticated variant of the RansomEXX ransomware, and is known for targeting large organisations to extract hefty ransom payments, the report said.
In this case too, the attack mainly impacted Brontoo Technology Solutions, which is a key collaborator with C-Edge. Following this, Brontoo filed a report with CERT-In, the Indian Computer Emergency Response Team, the report by the artificial intelligence company said.
It added that the attack chain began with a misconfigured Jenkins server, which was also identified and traced by CloudSEK's threat research team.
While the situation is evolving, negotiations are ongoing with the ransomware group, the CloudSEK report said.
"This situation is still evolving, with negotiations ongoing with the ransomware group, and the data has yet to be published on their PR website. The ransomware group has a history of making extravagant ransom demands, and we anticipate a similar approach in this case," it said.
The development comes after a ransomware attack affected C-Edge Technologies on Wednesday. Following this, the National Payments Corporation of India isolated the company from retail payment systems.
NDTV Profit reported that the situation may be resolved by Thursday. However, NPCI may call for a forensic audit.
The RansomEXX group has been active since 2018, mainly in the Europe, Asia and America regions. The most targeted industries include government, followed by technology, manufacturing, telecom and healthcare, according to CloudSEK.
The report added that the attack highlights vulnerabilities in current systems and threat modelling practices. It suggested that not just the primary organisation but also all critical vendors must ensure that their Jenkins servers are up to date.