Hive Ransomware Gang Claims Ransomware Attack on Tata Power India, Data Leaked on Dark Web

The Hive ransomware group claimed responsibility for a cyber attack on Tata Power, which was disclosed this month.

A subsidiary of multinational conglomerate Tata Group, Tata Power is India's largest integrated power company, headquartered in Mumbai.

The leak site built through the dark web shows that the Hive ransomware gang has released the data they claim to have stolen from Tata Power, which would indicate that ransom negotiations with Tata Power have failed.

Hive begins leaking data allegedly stolen from Tata Power

The Hive ransomware group claims that they encrypted Tata Power's data on October 3.

The operators behind the Hive ransomware ring have now leaked internal data allegedly stolen from Tata Power on their dark web leak site.

The Hive ransomware ring posted a description, URL, and annual revenue of Tata Power on their dark web leak site. the Hive ransomware ring claims that:

India's Largest Integrated Power Company

Tata Power, formerly a part of the three entities jointly known as Tata Electric Companies, is a pioneer in technology adoption, with many firsts to its credit, supporting the country's energy independence.
Tata Power, together with its subsidiaries & joint entities, has a generation capacity of 13,735 MW of which 35% comes from clean energy sources. The company has the distinction of being among the top private players in each sector of the value chain including solar rooftop and value-added services.

Tata Power is a pioneer credited with steering the energy sector on technology, process and platform. Powering emerging technologies for the 'smart' customer, Tata Power's latest business integrated solutions, focusing on mobility and lifestyle, is poised for multi-fold growth.

Since its inception in 1915, Tata Power now has over a century of expertise in technology leadership, project execution excellence, world-class safety processes, customer care and driving green initiatives, Tata Power is committed to 'lighting up lives' for generations to come.

and published data related to Tata Power employees (emails, addresses, passports, phone numbers, payments, working hours, taxpayer information, etc.), contracts signed by Tata Power, NDAs, and other agreement documents through public dark web links at

http://u237r6z6axkagn6t2qiwx2rrvmq7pvz53tph7hl64geg3ee55gw66kad.onion/TATAPower/

Tata Power releases statement after the data breach

Dominic Alvieri, a cybersecurity analyst and researcher, tweeted about the development of the incident.

Another researcher, Rakesh Krishnan, shared screenshots of the stolen data, which appears to include Tata Power employees' personally identifiable information (PII), national identity card (Aadhar) numbers, PAN (tax identification number) numbers, salary information, and more.

In addition, the data dump also contains engineering drawings, financial and banking records, and customer information, Krishnan suggested.

On Friday, Oct. 14, Tata Power disclosed in a stock filing that it had "suffered a cyber attack on its IT infrastructure that affected some of its IT systems," but did not share additional information about who the cyber attack was.

The company has taken steps to retrieve and restore these systems," the Tata Power filing noted. All critical operational systems are operational; however, as an adequate precautionary measure, restricted access and preventive checks have been carried out on employee and customer-facing portals and touch points.". This document was signed by H.M. Mistry, Corporate Secretary.

If the target refuses to pay the ransom demand and subsequent negotiations fail, threat actors such as ransomware groups typically begin to leak or sell the data stolen from compromised targets.

A review of the Hive ransomware gang

The Hive ransomware group is more active and aggressive than its compromise website suggests, and since the ransomware group's actions became known in late June 2021, its affiliates have carried out attacks against companies across a wide range of industries, averaging three companies per day.

The Federal Bureau of Investigation (FBI) released some technical details and indicators of harm related to the Hive ransomware attack. the FBI said the Hive ransomware gang relies on multiple tactics, techniques, and procedures, which makes it difficult for organizations to defend against its attacks.

Among the methods, the group used to gain initial access and move laterally across the network were phishing emails with malicious attachments and Remote Desktop Protocol (RDP). Before deploying an encryption program, the Hive ransomware gang steals files they deem valuable in order to force victims to pay a ransom under the threat of a data breach.

In September, it was revealed that the Hive ransomware gang was behind ransomware attacks on the New York Racing Association, a subsidiary of Bell Canada, and emergency response and ambulance service providers in New York.