Cyber intelligence firm Cyble claimed that a threat actor group known as “John Wick” demanded a ransom after gaining unrestricted access to a database belonging to Paytm Mall, the e-commerce unit of payment solutions provider Paytm. Cyble stated that the group uploaded a backdoor/Adminer to the company’s website to obtain access to its production database and compromised all accounts and related information of Paytm Mall.
An Insider Job!
According to Cyble, an insider is suspected to have helped the cybercriminal group gain access to Paytm Mall’s database. While the volume of the data breach is unknown, the hackers demanded 10 Ethereum (equivalent to US$ 4,000). Cyble also reported that John Wick, under the aliases “South Korea” and “HCKINDIA,” had earlier targeted multiple Indian organizations for ransom.
“According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm Mall as well. Leaking data when failing to meet hackers’ demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid,” Cyble said.
Paytm in Denial
The authorities at Paytm Mall denied the data breach allegations, saying that the company’s data is secure.
“We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies,” Paytm Mall said in a media statement.