Nucleus Software Exports, an Indian IT company that provides lending software to banks and retail stores, has fallen victim to an Epsilon Red ransomware attack that took down some of its internal networks and encrypted sensitive corporate data.
According to Nucleus' website, its customers include three of the top global banks, and three of the top 10 automotive finance companies. The company’s software is used by more than 200 financial institutions across 50 countries.
In a notice filed with the Indian National Stock Exchange authority, Nucleus Software said the breach occurred on May 30. The company said it took appropriate measures to address the issue and brought in its cybersecurity team immediately after learning about the incident.
“So far as sensitive data is concerned, we’d like to assure our customers that there is NO financial data of any customer available/stored with us and therefore the question of any leakage or loss of client data does not arise,” Nucleus Software said.
The company did not provide details on what ransomware was involved in the attack. However, security researchers were able to identify the ransomware strain used in the attack. The ransomware in question was BlackCocaine (aka Epsilon Red), a relatively new malware discovered by UK security firm Sophos last month.
The gang behind Epsilon Red targets unpatched Microsoft Exchange email servers to gain access to enterprise networks. Written in Golang, the malware uses a set of unique PowerShell scripts that prepare the ground for the file-encryption routine. Each script has its own purpose: killing processes and services belonging to security tools, databases and backup programs; disabling Windows Defender; and uninstalling security tools such as Sophos, Trend Micro, Cylance, Malwarebytes, SentinelOne, Vipre and Webroot.
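As an added defender-side illustration (not code from the article, Nucleus Software or Sophos), the following Python scans PowerShell script-block log lines for the pre-encryption behaviours described above: stopping security, backup or database services, disabling Defender, and uninstalling security products. The rule patterns, the service and product names, and the sample log lines are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass

# Each rule: a verb pattern, plus whether a sensitive target name must also
# appear on the line (keeps an admin's "Stop-Process chrome" from firing).
RULES = [
    ("stop_security_or_backup_service",
     re.compile(r"\b(Stop-Service|Stop-Process|taskkill|net\s+stop|sc\s+stop)\b", re.I), True),
    ("disable_defender",
     re.compile(r"Set-MpPreference\b.*-Disable\w+|DisableAntiSpyware", re.I), False),
    ("uninstall_security_tool",
     re.compile(r"\bUninstall\b|msiexec(\.exe)?\s+/x", re.I), True),
]
# Products named in the article plus assumed backup/database service names.
SENSITIVE_TARGETS = re.compile(
    r"Sophos|Trend\s*Micro|Cylance|Malwarebytes|SentinelOne|Vipre|Webroot|"
    r"WinDefend|Veeam|Backup|MSSQL|SQLSERVER|Exchange", re.I)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    snippet: str


def scan_script_blocks(lines):
    """Return one Finding per (line, rule) pair that matches."""
    findings = []
    for n, line in enumerate(lines, 1):
        for rule, verb, needs_target in RULES:
            if not verb.search(line):
                continue
            if needs_target and not SENSITIVE_TARGETS.search(line):
                continue
            findings.append(Finding(n, rule, line.strip()[:70]))
    return findings


def distinct_tactics(findings):
    """Number of different evasion tactics seen; two or more in one script is a strong signal."""
    return len({f.rule for f in findings})


# Constructed sample lines in the shape of PowerShell ScriptBlockText (event ID 4104).
SAMPLE_SCRIPT_BLOCKS = [
    'Get-Process | Where-Object { $_.Name -like "*chrome*" } | Stop-Process -Force',
    'Stop-Service -Name VeeamBackupSvc -Force',
    'net stop "Sophos AutoUpdate Service"',
    'Set-MpPreference -DisableRealtimeMonitoring $true -DisableIOAVProtection $true',
    'Get-WmiObject Win32_Product | ? { $_.Name -match "Cylance" } | % { $_.Uninstall() }',
    'Write-Host "Backup complete"',
]

if __name__ == "__main__":
    hits = scan_script_blocks(SAMPLE_SCRIPT_BLOCKS)
    for h in hits:
        print(f"line {h.line_no}: {h.rule}: {h.snippet}")
    print("distinct tactics:", distinct_tactics(hits))
```

On the sample input the first line is ignored as routine process management, while lines 2 to 5 produce four findings across three distinct tactics.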