The Maharashtra Industrial Development Corporation (MIDC) faced a ransomware attack on its IT infrastructure on March 21, at around 2:30 am. However, there was no demand for ransom in the attached note, a press statement shared by MIDC CEO, P Anbalagan said.
The ransomware ‘SYNack’ impacted the applications and database servers hosted on Cloud DC & DR (ESDS) and local servers hosted at MIDC headquarters in Mumbai by encrypting the data stored in these servers. The malware also infected some desktop PCs across different office locations of MIDC. The attackers had attached a ransom note giving details of the attack and the steps to approach them for decryption of data. However, no ransom amount was directly mentioned, the statement said.
Anbalagan in a brief telephonic interaction with
MIDC is the industrial infrastructure development arm of the State government. Through 16 regional offices, MIDC manages its 289 industrial complexes spread over 66,000-plus hectares.
The press statement said that after the attack, MIDC management received automated alerts that its applications have gone down on the same day. On further analysis during the day, the ransomware attack was confirmed. MIDC has Trend Micro anti-virus licence for end point security monitoring. The details of the ransomware were shared with Trend Micro for further analysis, the statement said.
As an immediate measure, MIDC systems were disconnected from the network to contain the spread of the virus. The backup files for different application servers (Single Window Clearance System, ERP, BPAMS, Online Land Allotment, Water Billing System) were stored on a different network segment on the Cloud DC and were not infected.
As per the recommendations from Cybersecurity experts, several steps are being taken to control the spread of the virus and minimise the impact, the statement said.