The Blackcat ransomware gang claims it has stolen over 2 TB of data from Indian explosives manufacturer Solar Industries India. The group has posted a detailed list of data and information extracted from the company on its Tor leak site and has invited buyers to bid on the data within 24 hours using TOX.
The group hasn’t revealed its attack vector or whether it is demanding a ransom from Solar Industries. The message on its site only claims that “because of low security, more than 2TB of sensitive data related to weapons production was stolen from Solar Industries India Limited”. Blackcat also claims that the data leak has affected all products and classified documents from the company.
Data extracted in the hack includes the following:
Sensitive information about the company’s employees and customers.
Blueprints and engineering documents of weapons.
Technical, power and other related documentation on the company products.
Internal product testing documentation.
Documents on future products and developments.
Government cooperation documents.
Warhead composition details as well as engineering documentation on the callout elements of different products.
Recordings from production cameras and offices.
Armament supply chain information for various sources.
Company partnership information.
Internal audits and reports of vulnerabilities and bugs in the company’s products.
Backups and databases.
stolen documents and photos taken from the company’s security cameras as proof of the breach on its website. Solar Industries’ website is also unavailable at the time of writing. Another rather serious allegation that the group is making is that they also possess evidence of industrial spying in other countries, including friendly states.
The group, also known as ALPHV, operates a Windows ransomware-as-a-service. Security researchers and law enforcement agencies have linked the ransomware’s developers to the infamous Darkside and Blackmatter crime rings. The FBI has also issued a security advisory warning organisations of the gang’s attack vectors and tactics.
The gang is also the first known ransomware group to successfully breach networks with malware written in Rust. Security researchers at Cisco Talos and Palo Alto Networks Unit 42 have also pointed out the gang’s preference for Rust — a secure programming language that offers better performance and reliable concurrent processing.