Both organisations were contacted for comment on Saturday, but while both confirmed they had received iTWire's queries, neither has responded as yet.
However, IDFC contacted iTWire on Tuesday evening AEDT to deny that it had been the victim of any attack.
"The information about IDFC FIRST Bank given by you in the story is factually incorrect as no such ransomware has hit us. The bank maintains the highest level of security and its systems remain strong and resilient," a spokeswoman said.
Egregor has been in the news lately, especially after the ransomware group Maze announced it was shutting down.
At least one ransomware researcher, Brett Callow, who works with the New Zealand-headquartered security firm Emsisoft, believes that Egregor is just a new name for Maze.
However, the criminals behind Everest do not seem to always make believable claims. At least one of the organisations in Canada which they claimed to have hit — a major airport — told a news site that there was no evidence of a compromise to systems or infrastructure.
The Nav Jeevan bank is based in Ulhasnagar, which is part of the Mumbai metropolitan region, and was set up in 1985. The last profit figures given on its site, for 2017, show annual profit of about 13 billion rupees (A$233 million).
The gang behind the attack has leaked one file on the dark web, a zip archive of about 230MB.
IDFC is located in Chennai, in India's south, in a very posh area of the city. Its latest financial report showed a profit of eight billion rupees (A$144 million) for the first quarter of the 2021 financial year.
No documents from this attack have been leaked, but several screenshots, mostly of identity documents, have been uploaded to the dark web. The attackers claim to have stolen customer data, documents, copies of loan agreements and other important documents.