The Hive ransomware group has claimed an attack on Tata Power, a leading Indian energy company, and encrypted its systems with ransomware.
Hive claimed to have encrypted the systems of the electric utility subsidiary of Tata Group on 3 October at around 7 pm, disclosing the attack on 24 October in a post on its leak site.
The dumped sample of files includes employment contracts, supplier contracts, 'master' files on various employees, documents detailing senior executives' remuneration packages, and more.
This comes after Tata Power declared on 14 October in a stock exchange filing it had suffered a cyber attack on its IT infrastructure, impacting some of its IT systems. The company said it had taken steps to retrieve and restore the systems, without revealing what kind of attack it was or who it was carried out by.
“All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touch points,” the company said at the time.
A number of Tata Power customers have reported difficulties paying their energy bills on Twitter, with some stating that they have been disconnected from the service for not being able to complete the payment. Some also reported that they made the payment but were still receiving calls that their bill hadn’t been paid.
IT Pro has contacted Tata Power for comment.
Hive is one of the most successful ransomware organisations currently in operation and is run in a similarly 'professional' fashion as other high-profile gangs of past and present, such as REvil and LockBit.
Once infected, victims are taken to a bespoke portal where there are agents working for Hive that guide victims through the ransom payment process via live chat functionality.
Hive is known for its aggressive and unsympathetic approach to negotiating ransom payments and has been observed using tactics such as triple extortion - a method becoming increasingly popular among the most well-resourced groups.
RELATED RESOURCE
Facilitating Fintech
Reducing the risk of potential data interception among fintech solutions
The attack on Tata Power is the latest in a series of attacks carried out by the ransomware organisation. In September, it claimed an attack on the New York Racing Association (NYRA). The NYRA reported the attack on 30 June, after learning that its IT operations, website availability, and member data were compromised.
A few days before this, the group claimed responsibility for a data breach at Bell Canada subsidiary Bell Technical Solutions (BTS). The breach exposed personally identifiable information of its Ontario and Québec-based customers, and compromised and encrypted BTS’s systems.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
