Hive Group Admits to Leaking Data in Tata Power Ransomware Attack

Reports have said that the Hive ransomware-as-a-service (RaaS) group has claimed responsibility for the cyber-attack against Tata Power disclosed by the company on October 14 and believed to have occurred on October 3.


“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning,” the Mumbai-based company said at the time.


Security researcher Rakesh Krishnan has claimed that the leak has reportedly affected several of Tata’s 12 million customers and includes personally identifiable information (PII) such as Aadhaar national identity card numbers, tax account numbers, salary information, addresses and phone numbers, among others.


It appears that many have taken Hive leaking the stolen data to mean that any ransomware negotiations failed, but Edward Liebig, global director of cyber-ecosystem at Hexagon, has suggested a different option.


“Let’s face it, even if negotiations are successful, there is still only a 50% chance of recovery of the encrypted assets,” Liebig told Infosecurity in an emailed statement.


“The decision to pay or not to pay is a business call. If the organization is in a very vulnerable position (recovery of assets is not possible), if there is a chance for extremely damaging information to be compromised, or if the potential business impact far outweighs the ransom payment, then the business may decide to pay.”


The executive has said another aspect to consider in this scenario is the rules of the group admits leaking power ransomware attack