Haldiram Breached By Maze Ransomware Operators

The threat of ransomware attacks and data leaks is on the rise. Allegedly, Haldiram Snacks Pvt. Ltd., an Indian manufacturer of sweets and snacks, has been one of the recent victims of a data breach. The retail chain was recently targeted by a threat actor in July, followed by demands of a huge ransom for decrypting their stolen data.

During our regular monitoring of the dark web, on July-27-2020, it was noted that the IT infrastructure of Haldiram’s was allegedly breached by Maze Ransomware operators. According to an article on the Times of India, a complaint was submitted to the Noida Cyber Cell in India on July 17, 2020 followed by an FIR (First Information Report) on October 14th, 2020. Between July 25 and 27, the leak was also proclaimed by Maze ransomware operators on their website.

Below is a snapshot of the leak published by Maze Ransomware Operators on July 27, 2020

At that time, only 5% of the data was uploaded by Maze operators but the leaked file was corrupt, thereby providing no concrete evidence of the data leak. These type of posts on ransomware operators’ sites is a scare tactic to bring the victim to the negotiation table. Since July 2020, there might have been negotiation talks between the ransomware operators and Haldiram’s which may have not been successful.

Recently, we found complete i.e. 100% sensitive data leaked by Maze on their website in the dark web. The data consists of various types of sensitive information within 8 compressed files, as shown in the image below.

The leaked data includes internal emails, financial documents – including tax and payroll details of some employees, vendor related documents, ex gratia payment details, and PAN cards among other sensitive details.

Most of these documents contain information from 2016, with details from F.Y. 2015-16 as well. The data comprises multiple excel and pdf files that are not password protected.

If reports are to be believed, then the data recently leaked by Maze, containing 8 compressed files, is associated with the same attack that happened in July 2020.

Here are a few ways to prevent cyber-attacks:

  • Never click on unverified/unidentified links
  • Do not open untrusted email attachments
  • Only download media from sites you trust
  • Never use unfamiliar USBs
  • Use security software and keep it updated
  • Backup your data periodically
  • Keep passwords unique and unpredictable
  • Keep Software and Systems up to date
  • Train employees on Cyber Security
  • Set up Firewall for your internet
  • Secure your Wi-Fi
  • Protect files with a password.
  • Take a Cyber Security assessment
  • Update passwords regularly

It is recommended to follow above mentioned prevention methods and never pay the ransom.

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.    

Scroll to Top