The Hive ransomware group has claimed responsibility for the cyber-attack against Tata Power disclosed by the company on October 14 and believed to have occurred on October 3.
The leak has reportedly affected several of Tata’s 12 million customers and includes PII like Aadhaar national identity card numbers, tax account numbers, salary information, addresses and phone numbers, among others.
The decision to pay or not to pay is a business call. If the organization is in a very vulnerable position, if there is a chance for extremely damaging information to be compromised, or if the potential business impact far outweighs the ransom payment, then the business may decide to pay.
Another aspect to consider in this scenario is the rules of the cyber insurance carrier. Some Cyber Insurers prohibit the payment of a ransom. This means that a ransomware Incident Response playbook must have a very defined and comprehensive declaration and approval process that goes to the top of the executive team.
More generally, increasing the chances of defending against ransomware begins with watching the front and back doors. The best way to defend against ransomware is never to let it take root in your systems. The next best way is to have a bulletproof, trusted recovery strategy to minimize downtime and eliminate the ‘ransom’ debate.