Tata Power, India's largest power generation company, recently announced that it had been hit by a cyberattack. The company said the attack affected its information technology (IT) infrastructure and that it had begun responding to the incident and recovering the affected systems. A subsidiary of Tata Group, a multinational group, Tata Power is India's largest integrated power company and is headquartered in Mumbai. The company was attacked at the beginning of this month and its data was leaked. The Hive ransomware group claimed responsibility for the attack.
According to a screenshot of its leak site, the Hive ransomware group has published the data it claims to have stolen from Tata Power, which means that the ransom negotiations have failed.
Another security researcher, Rakesh Krishnan, shared a screenshot of the stolen data (above), which appears to include personally identifiable information (PII) of Tata Power employees, such as national ID numbers, PAN (tax) numbers, and salary information. The leaked data also includes engineering drawings, financial and bank records, and customer information.
Hive claims that it encrypted Tata Power's data on October 3.
On Friday, October 14, Tata Power disclosed in a securities filing that some of its IT systems and infrastructure had been subjected to a cyberattack, but it did not share further information about the threat actors.
The document submitted by Tata Power states that "the company has taken measures to retrieve and restore the system. All key operating systems are running. However, as a sufficient precaution, restricted access and preventive checks have been implemented on portal sites and contacts for employees and customers".
Hive has recently been the most active ransomware group. Since it was first exposed in late June 2021, its affiliates have attacked an average of three companies every day.
According to an earlier FBI warning, Hive ransomware attacks use a wide variety of tactics, techniques, and procedures (TTPs), which makes them difficult for enterprises to defend against.
In September this year, Hive claimed attacks on the New York Motor Racing Association, on a Bell Canada subsidiary, and on a New York emergency response and ambulance service provider.
Last year, Hive also attacked Memorial Health System, a medical institution, which led to the cancellation of some of its operations and diagnoses and to the theft of patient data.