BASHE ransomware gang claims ICICI bank, leaves three days to pay the ransom


Hackers from the BASHE ransomware gang, also known as APT73, have added ICICI Bank, a major financial institution in India, to their victim site on the dark web and given the bank three days to pay the ransom. The cybersecurity incident is not officially confirmed.

BASHE threatens to release customer data unless their demands are met by 10:00 UTC, January 31st, 2025.

The provided screenshot with a data sample appears to include names, phone numbers, addresses, ages, genders, types of credit cards, such as Gold or Diamond, and timestamps from March 2024.


The table also includes a number resembling the balance of the account. However, it's impossible to evaluate accurately as the column names are not provided.

It is unclear whether this is a new cybersecurity incident and how much data the hackers might have.

We have reached out to ICICI Bank for clarification and will include their response.

Cybernews has previously reported on a major data leak that affected ICICI Bank in 2023. The Cybernews research team discovered that the bank leaked sensitive data, such as personal documents and financial information, due to the misconfiguration of its systems.

Meanwhile, the cybercriminals offer third parties the ability to ‘buy data immediately’ and explain that they always first offer the originating company the chance to buy the data to ‘avoid data leak.’

“You must understand that there is no time to think, you must make a decision quickly, the timer has started,” the post reads. “The price depends on the company size and sensitivity of information.”

The post has been viewed 8,000 times, according to the counter.


ICICI Bank is an Indian multinational bank and financial services company with over 6,600 locations and a market capitalization of around $100 billion. It is the second-largest bank in India.

According to Malpedia, APT73 launched its data leak site on April 25th, 2024. Since then, the gang has listed dozens of victims. Its data leak site resembles that of LockBit, likely in an attempt to leverage the infamous gang’s reputation and attract potential affiliates. APT73 was formed by an alleged former LockBit affiliate following law enforcement's crackdown on LockBit.

Hackers “guarantee” the deletion of the obtained data and the provision of decryption tools after the transaction.

“We will give you information on how to avoid similar attacks in the future,” the proposal on the dark web reads.