Tata Power, India’s major electric utility, data posted on ransomware leak site

Tata Power, India’s largest integrated power company, was posted on the Hive ransomware group’s leak site. The company acknowledged suffering an IT incident in mid-October.

Tata Power, owned by multinational conglomerate Tata Group, likely suffered a ransomware attack since the company’s name appeared on the Hive cartel’s leak site.

The message on the leak site claims that threat actors got their hands on sensitive Tata Power employee details such as passports, taxpayer data, email and home addresses, and phone numbers.

Hackers also claim they have corporate data such as contracts, non-disclosure agreements (NDAs), and other company documents.

Tata Power dealt with a cyber attack earlier in October that impacted the company’s IT infrastructure and some of its IT systems.

The announcement on the cartel's leak site. Image by Cybernews.

“The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points,” the company said in a notice to the National Stock Exchange of India.

Hive claims that hackers encrypted the data on the eve of October 3 and posted it on their leak site late on October 24. Usually, ransomware gangs threaten to leak stolen data to force a victim into paying the ransom. Tata Power’s data appearing on the leak site might signal that the company refused to pay the hackers.

Hive ransomware was first observed in mid-2021. The gang and its affiliates started targeting organizations that experience high or even lethal downtime costs, such as healthcare providers, energy providers, and retailers all over the world.

Hive is a relatively popular strain of ransomware. According to the deep web intelligence firm DarkFeed, Hive posted 194 victims on their leak site.

The gang often uses social engineering techniques to get initial access to the victim’s IT systems, scouts for public-facing systems and prowls for leaked credentials on the dark web.

According to research by Cisco, Hive often employs the ‘bad cop’ tactic with its victims, using an aggressive and blunt approach to communication with those the cartel hacked.
