urlscan.io logo urlscan.io
SecurityTrails logo

www.cpomagazine.com Open in urlscan Pro
2606:4700:3033::ac43:be7c  Public Scan

Back to summary
Submitted URL: https://www.cpomagazine.com/cyber-security/hive-ransomware-group-leaks-stolen-data-after-attacking-a-major-india-power-compa...
Effective URL: https://www.cpomagazine.com/cyber-security/hive-ransomware-group-leaks-stolen-data-after-attacking-a-major-india-power-company/
Submission: On November 07 via api from GB — Scanned from GB

Form analysis 4 forms found in the DOM

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_6368A0A92E212_" class="_form _form_5 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="6368A0A92E212" data-name="u">
  <input type="hidden" name="f" value="5" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="4ae11200f56e2b1d69319b2dfa94876e" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x77566567 _full_width _clear">
      <div class="_form-title">Stay Updated</div>
    </div>
    <div class="_form_element _x15145207 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x05506158 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_5_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
  <div class="_form-branding">
    <div class="_marketing-by">Marketing by</div>
    <a href="https://www.activecampaign.com/?utm_medium=referral&amp;utm_campaign=acforms" class="_logo">
			<span class="form-sr-only">ActiveCampaign</span>
		</a>
  </div>
</form>

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_6368A0A938176_" class="_form _form_1 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="6368A0A938176" data-name="u">
  <input type="hidden" name="f" value="1" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="a2cb81bac5b5d320d82c00f8b361574c" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x61394459 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x31449036 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
</form>

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_6368A0A9312E3_" class="_form _form_1 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="6368A0A9312E3" data-name="u">
  <input type="hidden" name="f" value="1" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="2ef8a2eae0738b9c2c0570a50f12ccce" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x61394459 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x31449036 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
</form>

GET https://www.cpomagazine.com/

<form method="get" class="search tipi-flex" action="https://www.cpomagazine.com/"> <input type="search" class="search-field font-b" placeholder="Search" value="" name="s" autocomplete="off" aria-label="search form"> <button
    class="tipi-i-search-thin search-submit" type="submit" value="" aria-label="search"></button></form>

Text Content

WE VALUE YOUR PRIVACY

We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products. With your
permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting.
Please note that some processing of your personal data may not require your
consent, but you have a right to object to such processing. Your preferences
will apply to this website only. You can change your preferences at any time by
returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
 * 
 * 


 * Home
 * News
 * Insights
 * Resources

 * 
 * 
 * 
 * 



Cyber SecurityNews
·3 min read


HIVE RANSOMWARE GROUP LEAKS STOLEN DATA AFTER ATTACKING A MAJOR INDIA POWER
COMPANY

Alicia Hope·November 4, 2022
TwitterFacebookLinkedIn

Hive ransomware group claimed responsibility for the Tata Power cyber attack and
began leaking the stolen data.




Tata Power acknowledged the cyber attack on October 14 in a stock exchange
filing, claiming that it had retrieved and restored all systems.

“The Company has taken steps to retrieve and restore the systems. All critical
operational systems are functioning; however, as a measure of abundant
precaution, restricted access and preventive checks have been put in place for
employee and customer-facing portals and touch points,” Tata Power said in the
regulatory filing.

However, the Hive ransomware gang claimed it encrypted Tata Power on October 3,
2022, nearly two weeks before the company filed the data breach notification. If
so, Tata Power risks fines for breaching the Indian Computer Emergency Response
Team (CERT-In) regulations that require notification within six hours of
discovery.



The Mumbai-based company is part of the Tata Group conglomerate serving 12
million customers and is the largest integrated power company in the country.


HIVE RANSOMWARE GROUP BEGINS LEAKING STOLEN DATA

Hive ransomware gang listed the Indian electric generating company on its data
leak site, suggesting that ransom negotiations had conclusively failed.



The ransomware group also began leaking stolen data, including sensitive
personal information such as national identity card (Aadhar) numbers, tax IDs
(PAN), phone numbers, home addresses, and salary information. The stolen data
also included private keys, banking and financial records, client contracts, and
engineering drawings.

According to cybersecurity researcher Rakesh Krishnan, the ransomware gang
leaked at least 20 banking records.

Edward Liebig, Global Director of Cyber-Ecosystem at Hexagon Asset Lifecycle
Intelligence, warned that paying the ransom does not guarantee the recovery of
the stolen data.

“Let’s face it, even if negotiations are successful, there is still only a
50%/50% chance of recovery of the encrypted assets. The decision to pay or not
to pay is a business call.”

However, he acknowledged some exceptions that could force a company to pay a
ransom, hoping to recover the stolen data.

“If the organization is in a very vulnerable position (recovery of assets is not
possible), if there is a chance for extremely damaging information to be
compromised, or if the potential business impact far outweighs the ransom
payment, then the business may decide to pay.”

Triple extortion ransomware group with an aggressive affiliate program

Hive ransomware has one of the most aggressive affiliate ransomware-as-a-service
(RaaS) programs in the cybercrime world.

The “triple extortion” ransomware group demands ransom from organizations after
encrypting data, leaks the stolen data, and directly extorts individuals
impacted by ransomware attacks.

Although its attacks are financially motivated, the ransomware group cooperates
with politically-motivated hacking groups such as Conti ransomware. Hive’s top
targets include companies in the energy, healthcare, media, and education
sectors. Recent Hive ransomware gang victims include Costa Rica’s public health
service and the Social Security Fund (CCSS). The ransomware group also claimed
responsibility for the attack on New York Racing Association (NYRA), emergency
services provider Empress EMS, and Bell’s Canadian subsidiary Bell Technical
Solutions. Similarly, Hive ransomware was responsible for the 2021 cyber attack
on Europe’s largest consumer electronics retailer Media Markt.

According to threat intelligence firm Group-IB, Hive ransomware operators had
attacked 355 companies by October 16, 2021, a 72% increase from September 2021,
with 43 victims likely paying ransom in one month.

Similarly, Digital Shadows ranked the Hive RaaS gang as the third-most prevalent
ransomware group in Q3 2022, behind LockBit and Black Basta ransomware gangs but
ahead of BlackCat, Vice Society, and AvosLocker.

Hive’s attack vectors include unsecured and vulnerable RDP servers, stolen VPN
credentials, and phishing emails with infected attachments.

In August 2021, the FBI published a flash alert on Hive ransomware detailing the
gang’s indicators of compromise (IOCs) and tactics, techniques, and procedures
(TTPs).



“Increasing the chances of defending against ransomware begins with watching the
front and back doors,” Liebig said.

Hive #ransomware group claimed responsibility for the #cyberattack on Tata Power
and began leaking stolen data, including sensitive employee and company
information after ransom negotiations had conclusively failed. #cybersecurity
#respectdataClick to Tweet

He recommended educating employees on phishing, maintaining visibility into your
organization’s assets and endpoints, mitigating vulnerabilities, threat hunting,
monitoring connections, and maintaining regular offsite backups.

“The best way to defend against ransomware is to never let it take root in your
systems. The next best way is to have a bullet proof, trusted recovery strategy
to minimize downtime and eliminate the “ransom” debate.”

 

Stay Updated

Get notified of new articles and relevant events.


I agree to the privacy policy
Submit


Marketing by
ActiveCampaign
TwitterFacebookLinkedIn

Tags
Ransomware GroupStolen Data
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on
technology, cyber security and data privacy news.



LATEST


HIVE RANSOMWARE GROUP LEAKS STOLEN DATA AFTER ATTACKING A MAJOR INDIA POWER
COMPANY


STUDY SHOWS PRIVACY AWARENESS IS THE “NEW NORMAL” FOR CONSUMERS, ONLINE BEHAVIOR
IS MUCH MORE GUARDED


YOUR FAVORITE APPS MAY BE ‘SHARING’ WAY MORE OF YOUR DATA THAN THEY LET ON


CYBERSECURITY WORKFORCE IS GROWING, BUT WORLDWIDE WORKFORCE GAP OF 3.4 MILLION
CONTINUES TO PRESENT PROBLEMS




- Advertisement -



LEARN MORE

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use



STAY UPDATED

Get notified of new articles and relevant events.


I agree to the privacy policy
Submit



News, insights and resources for data protection, privacy and cyber security
professionals.


LEARN MORE

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data


STAY UPDATED

Get notified of new articles and relevant events.


I agree to the privacy policy
Submit




FOLLOW US



© 2022 Rezonen Pte. Ltd.


 * Home
 * News
 * Insights
 * Resources


Start typing to see results or hit ESC to close
U.S. Data Breach Regulations EU GDPR Facebook
See all results