Tata Technologies hit by ransomware attack

Major Indian tech firm Tata Technologies has confirmed it suffered a ransomware attack that forced it to take a number of its IT systems offline.

A subsidiary of major automobile manufacturer Tata Motors, Tata Technologies provides engineering and digital services to a range of manufacturers in the automotive, aerospace, and industrial machinery industries.

In an official statement provided to the Indian Stock Exchange on 31 January 2025, the company said the attack affected “a few of our IT assets”, forcing it to temporarily suspend some of its services as a precautionary measure.

The statement added that these services have now been restored, and Tata Technologies’ client delivery services were unaffected and remained fully functional throughout.

“Further detailed investigation is underway in consultation with experts to assess the root cause and to take remedial action as necessary. We remain committed to the highest standards of security and data protection and are taking all necessary steps to mitigate any potential risks”, the statement concluded.

Further details including the identity of the threat actors responsible – or the means by which they achieved access to some of Tata Technologies’ IT assets and corporate network – were not included in the filing.

Ransomware attacks targeting India spiked 55% in 2024

Ransomware attacks targeting India-based companies appear to be on the rise, according to data collected by CyberPeace.

Research from the security firm identified 98 ransomware incidents impacting various sectors in India, which represents a 55% increase compared to the 63 attacks recorded in 2023.

“This surge highlights a concerning trend, as ransomware groups continue to target India's critical sectors due to its growing digital infrastructure and economic prominence,” CyberPeace warned.

Trend Micro’s 2024 Midyear Cybersecurity Threat Report found India ranked tenth overall and sixth in Asia for ransomware threats, accounting for 5% of all ransomware incidents in Asia and just under 3% globally.

In one case, Comtel, a data center operator hosting critical infrastructure for a number of brokerage firms in India, was hit with a ransomware attack in December 2024 that resulted in a temporary suspension of the affected stock brokers by two of India's leading exchanges.

The finance sector accounted for 10% of the incidents recorded in 2024, CyberPeace found, but the industrial sector was by far the most frequently targeted industry in India, accounting of 75% of total incidents.

The Tata conglomerate has been the victim of previous ransomware activity in recent years. In October 2022, the Hive ransomware group claimed responsibility for an attack on Tata Power, locking down its IT systems and exfiltrating sensitive information.

A sample of the stolen information posted to the group’s leaksite included contracts with suppliers and employees, ‘master’ files on several employees, and details of senior executives’ remuneration packages.