The ransomware attack on the server of Maharashtra Industrial Development Corporation (MIDC), which disrupted the functioning at the MIDC’s head office in Mumbai and 16 other regional offices last month, was carried out somewhere in Russia-Kazakhstan, investigation of the cyber police station has revealed. However, the cyber police are yet to identify the perpetrators.
On March 21 at 2.30am, a ransomware, SYNack, attacked the MIDC system. The attack was on the local server system to take unauthorised access of the computer system of MIDC and encrypted data. Because of this, MIDC personnel could not use the system data for over a week. This also damaged the computers at the corporation’s 16 regional offices. The email sent by the attackers explained the kind of attack and their demand for ransom, the police said.
Ten days later, MIDC filed an official complaint with the cyber police on April 1. It is being alleged that the hackers had demanded ₹500 crore ransom, however neither the police nor the MIDC officials have confirmed the amount. “The technical investigation indicated the attack’s origin could be Russia-Kazakhstan region. Efforts are being taken to know the exact location,” a senior police officer part of the investigation told HT.
After the attack, all computers were disconnected from the server. The corporation also asked all its departments to shut the system and not to switch on the computers until the issues were resolved completely. This had caused disruption of services across the state.
Earlier, MIDC has claimed that all their systems were hosted on the ESDS (cloud service provider) and local server of the corporation and for security and maintenance purpose, the corporation was using a well-known anti-virus.
The corporation claimed that as backup files of its website, Single Window Clearance system, Building Plan Approval Management System (BPAMS), ERP (Enterprise Resource Planning), computerised land distribution system, water bills, etc. are stored on different networks, they are all safe. Later, the services were restored completely.
A team of cyber police officials had visited the MIDC office, made enquiries with the technical staff there to understand the nature of attack.
Earlier, an attempted cyber sabotage allegedly by a Chinese state-sponsored cyber threat group had caused massive power outage in Mumbai last October. Then home minister Anil Deshmukh had said that the Maharashtra cyber police had found evidence which suggested that the grid failure in Mumbai on October 12 last year, which resulted in the city plunging into darkness, disrupting train services and shutting down the stock market, was likely to be a cyber sabotage.
The New York Times, citing a report by a US-based cybersecurity firm, had claimed the Chinese-state sponsored groups had targeted power sector in India with malware. This came months after the clash between troops of the two nations in Galwan valley in June 2020.