25 October 2022

Bleeping Computer Updates

 Intro 

DETAILS TODAY The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June 2021.

The group is known to employ a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, as the FBI has earlier stated.

In September this year, Hive claimed to be behind the ransomware attacks on New York Racing Association, a Bell Canada subsidiary, as well as a New York-based emergency response and ambulance service provider.

Hive claims ransomware attack on Tata Power, begins leaking data 



 
October 25, 2022, 04:49 AM

"Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month.

A subsidiary of the multinational conglomerate Tata Group, Tata Power is India's largest integrated power company based in Mumbai.

In screenshots seen by BleepingComputer, Hive operators are seen posting data they claim to have stolen from Tata Power, indicating that the ransom negotiations failed.

Hive begins leaking data allegedly stolen from Tata Power


As of a few hours ago, operators behind the Hive ransomware group are seen leaking data allegedly stolen from Tata Power on their leak site.

Cybersecurity analyst and researcher Dominic Alvieri tweeted about the development while tipping us off.

[Image: Hive ransomware starts leaking data it claims to have stolen from Tata Power]

✓ Another researcher Rakesh Krishnan shared screenshots of the stolen data—which appears to include Tata Power employees' personally identifiable information (PII), National ID (Aadhar) card numbers, PAN (tax account) numbers, salary information, etc.

✓ Additionally, the data dump contains engineering drawings, financial and banking records as well as client information, suggests Krishnan:

✓ Hive operators claim that they encrypted Tata Power's data on October 3rd. 

✓ On Friday, October 14th, Tata Power disclosed a cyber attack on its "IT infrastructure impacting some of its IT systems" in a stock filing without sharing additional information with regard to the whereabouts of the threat actor.

"The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points," stated Tata Power's filing, signed by company secretary H.M. Mistry at the time.

Threat actors like extortion and ransomware groups typically begin leaking or selling data stolen from breaching their targets should the target refuse to pay their ransom demand and subsequent negotiations fail.

Hive ransomware in review


The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June 2021.

✓ The group is known to employ a diverse set of tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks, as the FBI has earlier stated.

In September this year, Hive claimed to be behind the ransomware attacks on New York Racing Association, a Bell Canada subsidiary, as well as a New York-based emergency response and ambulance service provider.

Hive's attack on Memorial Health System last year led to the cancellation of surgical and diagnostic operations, and patient data theft. . ."

AX SHARMA  
Ax Sharma is a Security Researcher and Tech Reporter. His works and expert analyses have frequently been featured by leading media outlets including BBC, Business Insider, Fortune, TechCrunch, The Register, and others. Ax's expertise lies in vulnerability research, malware analysis, and open source software. He's an active community member of OWASP Foundation and the British Association of Journalists (BAJ). Send any tips via email or Twitter DM.
