KillSec Ransomware Hits NoBroker Real Estate Platform

Incident Date: Oct 25, 2024

Attack Overview

VICTIM

NoBroker

INDUSTRY

Real Estate

LOCATION

India

ATTACKER

Killsec

FIRST REPORTED

October 25, 2024

Request Removal

Ransomware Attack on NoBroker: A Detailed Analysis

NoBroker, a leading Indian proptech company, has recently been targeted by the ransomware group KillSec. This attack has raised significant concerns within the cybersecurity community, given NoBroker's prominent position in the real estate sector and its innovative approach to eliminating brokerage fees.

About NoBroker

Founded in 2014, NoBroker Technologies Solutions Private Limited has revolutionized the Indian real estate market by offering a brokerage-free model. The platform connects property owners directly with potential tenants or buyers, thereby saving users substantial brokerage fees. NoBroker's services extend beyond real estate transactions to include home maintenance and property management. The company has a strong presence in major Indian cities and boasts a significant following on LinkedIn, indicating its industry influence.

Attack Overview

The ransomware attack on NoBroker was orchestrated by KillSec, a notorious group known for targeting various industries across multiple countries. The attackers claim to have exfiltrated sensitive data, including personally identifiable information, financial details, and legal agreements. The compromised data reportedly includes names, addresses, PAN numbers, and biometric data from Aadhaar-based verification. KillSec is demanding a ransom of $50,000 for the return of this data.

About KillSec

KillSec, also known as Kill Security, is a ransomware group that has been active in targeting sectors such as government, manufacturing, and finance. The group is known for its use of diverse communication channels and crypto wallets, often demanding significant extortion amounts. KillSec's operations are tracked by cybersecurity platforms, but no decryptor is currently available for their ransomware.

Potential Vulnerabilities

NoBroker's extensive database of user information and financial transactions makes it an attractive target for ransomware groups like KillSec. The company's reliance on digital platforms for its operations may have exposed vulnerabilities that the attackers exploited. While the exact method of penetration remains unclear, it is likely that KillSec leveraged common attack vectors such as phishing or exploiting unpatched software vulnerabilities.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.