Hive ransomware group claims cyber attack on India’s Tata Power

Getty Visuals

The Hive ransomware team has claimed an attack on Tata Power, a primary Indian electrical power firm, and encrypted its units with ransomware.

Hive claimed to have encrypted the systems of the electric utility subsidiary of Tata Team on 3 Oct at all over 7 pm, disclosing the attack on 24 October in a write-up on its leak web-site.

The dumped sample of documents includes employment contracts, supplier contracts, ‘master’ information on a variety of employees, paperwork detailing senior executives’ remuneration offers, and additional.

This arrives following Tata Electrical power declared on 14 October in a inventory trade submitting it experienced suffered a cyber attack on its IT infrastructure, impacting some of its IT techniques. The organization mentioned it experienced taken measures to retrieve and restore the devices, with no revealing what form of attack it was or who it was carried out by.

“All critical operational methods are functioning having said that, as a evaluate of abundant precaution, limited access and preventive checks have been place in put for worker and shopper-dealing with portals and touch points,” the corporation claimed at the time.

A amount of Tata Electricity prospects have reported problems paying their vitality charges on Twitter, with some stating that they have been disconnected from the assistance for not being ready to comprehensive the payment. Some also documented that they produced the payment but have been even now getting phone calls that their monthly bill hadn’t been paid.

@TataPower I am not able to shell out the Electrical energy Monthly bill from past 15 times.. Attempted all the process however obtaining the exact error.Remember to send out the payment website link to shell out by way of Amazon wallet. Attaching the screenshots Please enable to solve the issue. #tatapower pic.twitter.com/qeX9NwBeDB

— Mehul Khetia (@MehulKhetia) October 20, 2022

IT Pro has contacted Tata Ability for comment.

@TataPower Due to IT dilemma that you are experiencing, I have not acquired e-bill. How do I pay back then? In which do I make payment? None of payment channels that I applied in previous have bill information and as a result payment not possible. What do I do now?

— RakeshParekh (@IamRakeshParekh) October 22, 2022

Hive is a person of the most thriving ransomware organisations at present in operation and is operate in a equally ‘professional’ fashion as other higher-profile gangs of past and current, these as REvil and LockBit.

At the time contaminated, victims are taken to a bespoke portal exactly where there are brokers operating for Hive that manual victims via the ransom payment system by using dwell chat performance.

Hive is identified for its intense and unsympathetic method to negotiating ransom payments and has been observed using practices these kinds of as triple extortion – a process starting to be increasingly well-known among the the most perfectly-resourced teams.

The attack on Tata Electricity is the most recent in a sequence of attacks carried out by the ransomware organisation. In September, it claimed an attack on the New York Racing Affiliation (NYRA). The NYRA noted the attack on 30 June, immediately after mastering that its IT functions, web site availability, and member knowledge were being compromised.

A several days ahead of this, the group claimed obligation for a details breach at Bell Canada subsidiary Bell Technological Answers (BTS). The breach uncovered individually identifiable information and facts of its Ontario and Québec-based shoppers, and compromised and encrypted BTS’s techniques.

Some parts of this short article are sourced from:
www.itpro.co.uk