A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International.
The extortionists claim to have pilfered 730,160 files totaling 1.4 TB from the tech giant’s Tata Technologies. The gang is threatening to release the information next Monday unless a ransom is paid, though it hasn’t publicly specified an amount or shared any teaser documents to support its claims.
Tata Technologies is a product engineering subsidiary of the industry behemoth Tata Motors, which owns Jaguar Land Rover and Daewoo. At the time of going to press, the company had no comment on whether it had been contacted by the crooks, and therefore none on the demanded ransom.
In a mandatory filing with the Indian stock exchange, Tata disclosed in January that it had been the subject of a “ransomware incident.” Now, it appears, the culprits have surfaced.
“As a precautionary measure, some of the IT services were suspended temporarily and have now been restored,” the technology titan said. “Our client delivery services have remained fully functional and unaffected throughout. Further detailed investigation is underway in consultation with experts to assess the root cause and to take remedial action as necessary.”
Hunters International is infamous in the industry for going after large targets – reportedly stealing terabytes of data from the Industrial and Commercial Bank of China in September, for instance. The crew is also not afraid to go for targets that some other ransomware crews won’t touch, such as doctors.
There is some evidence Hunters International is a rebooted extortion crew and simply a rebranding of the Hive gang, which operated from 2021 to 2023. After a string of high-profile break-ins, the US government offered a $10 million bounty for information on the gang and shortly afterwards the group’s website was seized by the FBI and shuttered.
A few months later Hunters International appeared, and a sharp-eyed security researcher spotted that the crew was using exactly the same strain of ransomware as Hive. While not conclusive, it does suggest Hunters could be a rebranded version of Hive.
Hive has had prior experience with Tata. In 2022 the criminals raided Tata Power and published some stolen material online when the ransom wasn’t paid.