REvil Group’s Failed $4 Million Extortion on Tata Steel Leads to Technical Drawings Leak

  • Tata Steel suffered a cyberattack by the REvil group, and drawings are already leaked.
  • The victim rejected the prospect to negotiate with the hackers, so no ransoms were paid.
  • The REvil group has been very active and pretty successful in their targeting lately, but they have failed this time.

The REvil/Sodinokibi group has reportedly attempted to extort $4 million from Tata Steel after the hackers managed to compromise the firm’s systems. Based on what can be deduced from the published data on the actors’ site, they were unsuccessful in this effort as the Mumbai-based steelmaker hasn’t given in to the demands and refused to make the slightest negotiation for a resolution. This has inevitably resulted in the first leaks of sensitive files on the REvil portal, and the files posted there appear to be quite valuable.

With the aid of KELA, we were able to see technical drawings of production line machines that are marked as “Confidential,” so they’re clearly not intended for publication. This potentially means REvil doesn’t have much hope in seeing any positive development in their negotiation efforts, and they’re immediately letting valuable stuff out. We have blurred the following samples that REvil posted as proof of the compromise.

Source: KELA
Source: KELA

The initial ransom has already been doubled once, so it’s been set to the equivalent of $8 million in Monero. There’s no other doubling step, so the next phase involves publishing the sample files on the media and the selling of the rest of the exfiltrated files to various hackers or interested buyers.

The encryption has allegedly taken place on March 25, 2021, so it’s been ten days already. We have already sent a message to Tata Steel, but as of now, we haven’t received a response. If and when we hear back from the company, we will update this piece with their comment.

REvil has been especially active recently, so there must be multiple skillful affiliates working for the ransomware group right now. Only three days ago, the French PCB maker ‘Asteelflash’ was added to Sodinokibi’s victim list, facing a ransom of no less than $24 million.

Today, Tata Steel became the fourth company of the group to reach a Rs 1 trillion market cap, seeing its S&P global rating upgraded from B+ to BB-. So, otherwise, Tata Steel is doing great, having stable financial performance, continually declining debt, and improved credit metrics. While it’s unlikely that the REvil attack has the power to leave a dent on the firm, it certainly has a negative impact.

REVIEW OVERVIEW

Latest

Indian Banks and Finance Companies Targeted by Multi-Staged JSOutProx RAT Malware

Indian banks and financial institutions are being targeted by a multi-tier JSOutProx RAT that acts in two stages.The malware uses spear-phishing emails...

Mega Deletes 144,000+ User Accounts for Repeated Copyright Infringement

Mega has changed its policies and terminated over 144,000 accounts for repeated copyright infringement violations.The company says flagged data is taken down...

YouTube Creators Targeted With Phishing Scams Based on Cookie Theft Malware

Google discoverd a new Cookie Theft-based phishing scam that targeted channels belonging to YouTube creators.Actors were sending phishing emails and hijacking channels...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari