REvil Group’s Failed $4 Million Extortion on Tata Steel Leads to Technical Drawings Leak

  • Tata Steel suffered a cyberattack by the REvil group, and drawings are already leaked.
  • The victim rejected the prospect to negotiate with the hackers, so no ransoms were paid.
  • The REvil group has been very active and pretty successful in their targeting lately, but they have failed this time.

The REvil/Sodinokibi group has reportedly attempted to extort $4 million from Tata Steel after the hackers managed to compromise the firm’s systems. Based on what can be deduced from the published data on the actors’ site, they were unsuccessful in this effort as the Mumbai-based steelmaker hasn’t given in to the demands and refused to make the slightest negotiation for a resolution. This has inevitably resulted in the first leaks of sensitive files on the REvil portal, and the files posted there appear to be quite valuable.

With the aid of KELA, we were able to see technical drawings of production line machines that are marked as “Confidential,” so they’re clearly not intended for publication. This potentially means REvil doesn’t have much hope in seeing any positive development in their negotiation efforts, and they’re immediately letting valuable stuff out. We have blurred the following samples that REvil posted as proof of the compromise.

Source: KELA
Source: KELA

The initial ransom has already been doubled once, so it’s been set to the equivalent of $8 million in Monero. There’s no other doubling step, so the next phase involves publishing the sample files on the media and the selling of the rest of the exfiltrated files to various hackers or interested buyers.

The encryption has allegedly taken place on March 25, 2021, so it’s been ten days already. We have already sent a message to Tata Steel, but as of now, we haven’t received a response. If and when we hear back from the company, we will update this piece with their comment.

REvil has been especially active recently, so there must be multiple skillful affiliates working for the ransomware group right now. Only three days ago, the French PCB maker ‘Asteelflash’ was added to Sodinokibi’s victim list, facing a ransom of no less than $24 million.

Today, Tata Steel became the fourth company of the group to reach a Rs 1 trillion market cap, seeing its S&P global rating upgraded from B+ to BB-. So, otherwise, Tata Steel is doing great, having stable financial performance, continually declining debt, and improved credit metrics. While it’s unlikely that the REvil attack has the power to leave a dent on the firm, it certainly has a negative impact.



How to Watch Formula 1 Without Cable in 2021: Live Stream F1 Grand Prix Anywhere!

The 2021 Formula 1 World Championship is nearly underway, and we're excited to see the big names on the circuit once more,...

How to watch NFL Draft 2021 Without Cable: Date, Time, Schedule, Pick Order, Location, Mock Drafts

The 2021 NFL Draft is almost upon us, and soon the top prospects in the world of football will know where they...

How to Watch NHL 2021 Without Cable – Live Stream Hockey Online from Anywhere

The 2021 NHL season is here, and it ongoing after getting a dodgy start. The 104th season of the National Hockey League...