REvil Group’s Failed $4 Million Extortion on Tata Steel Leads to Technical Drawings Leak

Written by Bill Toulas
Last updated June 23, 2021

The REvil/Sodinokibi group has reportedly attempted to extort $4 million from Tata Steel after the hackers managed to compromise the firm’s systems. Based on what can be deduced from the published data on the actors’ site, they were unsuccessful in this effort as the Mumbai-based steelmaker hasn’t given in to the demands and refused to make the slightest negotiation for a resolution. This has inevitably resulted in the first leaks of sensitive files on the REvil portal, and the files posted there appear to be quite valuable.

With the aid of KELA, we were able to see technical drawings of production line machines that are marked as “Confidential,” so they’re clearly not intended for publication. This potentially means REvil doesn’t have much hope in seeing any positive development in their negotiation efforts, and they’re immediately letting valuable stuff out. We have blurred the following samples that REvil posted as proof of the compromise.

Source: KELA
Source: KELA

The initial ransom has already been doubled once, so it’s been set to the equivalent of $8 million in Monero. There’s no other doubling step, so the next phase involves publishing the sample files on the media and the selling of the rest of the exfiltrated files to various hackers or interested buyers.

The encryption has allegedly taken place on March 25, 2021, so it’s been ten days already. We have already sent a message to Tata Steel, but as of now, we haven’t received a response. If and when we hear back from the company, we will update this piece with their comment.

REvil has been especially active recently, so there must be multiple skillful affiliates working for the ransomware group right now. Only three days ago, the French PCB maker ‘Asteelflash’ was added to Sodinokibi’s victim list, facing a ransom of no less than $24 million.

Today, Tata Steel became the fourth company of the group to reach a Rs 1 trillion market cap, seeing its S&P global rating upgraded from B+ to BB-. So, otherwise, Tata Steel is doing great, having stable financial performance, continually declining debt, and improved credit metrics. While it’s unlikely that the REvil attack has the power to leave a dent on the firm, it certainly has a negative impact.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: