- Tata Steel suffered a cyberattack by the REvil group, and drawings have already been leaked.
- The victim rejected the prospect of negotiating with the hackers, so no ransom was paid.
- The REvil group has been very active and pretty successful in their targeting lately, but they have failed this time.
The REvil/Sodinokibi group has reportedly attempted to extort $4 million from Tata Steel after the hackers managed to compromise the firm’s systems. Based on what can be deduced from the data published on the actors’ site, they were unsuccessful in this effort, as the Mumbai-based steelmaker hasn’t given in to the demands and has refused to negotiate at all. This has inevitably resulted in the first leaks of sensitive files on the REvil portal, and the files posted there appear to be quite valuable.
With the aid of KELA, we were able to see technical drawings of production line machines that are marked as “Confidential,” so they’re clearly not intended for publication. This potentially means REvil doesn’t have much hope of seeing any positive development in their negotiation efforts, and they’re immediately letting valuable material out. We have blurred the following samples that REvil posted as proof of the compromise.
The initial ransom has already been doubled once, so it’s now set to the equivalent of $8 million in Monero. There’s no further doubling step, so the next phase involves publishing the sample files to the media and selling the rest of the exfiltrated files to various hackers or interested buyers.
The encryption allegedly took place on March 25, 2021, so it’s been ten days already. We have sent a message to Tata Steel, but as of now, we haven’t received a response. If and when we hear back from the company, we will update this piece with their comment.
REvil has been especially active recently, so there must be multiple skillful affiliates working for the ransomware group right now. Only three days ago, the French PCB maker ‘Asteelflash’ was added to Sodinokibi’s victim list, facing a ransom of no less than $24 million.
Today, Tata Steel became the fourth company of the group to reach a Rs 1 trillion market cap, seeing its S&P Global rating upgraded from B+ to BB-. Otherwise, then, Tata Steel is doing great, with stable financial performance, continually declining debt, and improved credit metrics. While it’s unlikely that the REvil attack has the power to leave a dent in the firm, it certainly has a negative impact.