REvil Leaks Drawings after Ransom Refusal by Tata Steel
TechNadu reported that Tata Steel suffered a cyber attack by the REvil group and that drawings have already been leaked. The REvil/Sodinokibi group has reportedly attempted to extort USD 4 million from Tata Steel after the hackers managed to compromise the firm’s systems. The victim refused to negotiate with the hackers, so no ransom was paid. Based on what can be deduced from the published data on the actors’ site, they were unsuccessful in this effort, as the Mumbai-based steelmaker hasn’t given in to the demands and refused to make the slightest negotiation for a resolution. This has inevitably resulted in the first leaks of sensitive files on the REvil portal, and the files posted there appear to be related to a steel plant in Odisha. The encryption allegedly took place on March 25, 2021.
With the aid of KELA, TechNadu was able to see technical drawings of production line machines that are marked as “Confidential,” so they’re clearly not intended for publication. This potentially means REvil doesn’t have much hope of seeing any positive development in their negotiation efforts, and they’re immediately letting valuable stuff out.
However, the initial ransom has already been doubled once, so it’s been set to the equivalent of USD 8 million in the cryptocurrency Monero. There’s no other doubling step, so the next phase involves publishing the sample files to the media and selling the rest of the exfiltrated files to various hackers or interested buyers.
REvil has been especially active recently, so there must be multiple skilful affiliates working for the ransomware group right now. Only three days ago, the French PCB maker ‘Asteelflash’ was added to Sodinokibi’s victim list, facing a ransom of no less than USD 24 million.