The Maharashtra Industrial Development Corporation (MIDC) faced a ransomware attack on its IT infrastructure on March 21, at around 2:30 am. However, there was no demand for ransom in the attached note, a press statement shared by MIDC CEO P Anbalagan said.

The ransomware ‘SYNack’ impacted the applications and database servers hosted on Cloud DC & DR (ESDS) and local servers hosted at MIDC headquarters in Mumbai by encrypting the data stored in these servers. The malware also infected some desktop PCs across different office locations of MIDC. The attackers had attached a ransom note giving details of the attack and the steps to approach them for decryption of data. However, no ransom amount was directly mentioned, the statement said.

Anbalagan, in a brief telephonic interaction with BusinessLine on Wednesday, said that as soon as the system came under attack, MIDC staff shut down servers to prevent escalation of the attack. None of the malicious links were clicked by the staff. The attack was contained and within four days citizen-facing services were restarted. The ERP system will start functioning today. Some processes had to be carried out manually, and now they are being done digitally. All the IT systems will start functioning normally from April 1, the beginning of the new fiscal year.

MIDC is the industrial infrastructure development arm of the State government. Through 16 regional offices, MIDC manages its 289 industrial complexes spread over 66,000-plus hectares.

The press statement said that after the attack, MIDC management received automated alerts on the same day that its applications had gone down. On further analysis during the day, the ransomware attack was confirmed. MIDC has a Trend Micro anti-virus licence for endpoint security monitoring. The details of the ransomware were shared with Trend Micro for further analysis, the statement said.

As an immediate measure, MIDC systems were disconnected from the network to contain the spread of the virus. The backup files for different application servers (Single Window Clearance System, ERP, BPAMS, Online Land Allotment, Water Billing System) were stored on a different network segment on the Cloud DC and were not infected.

As per the recommendations from cybersecurity experts, several steps are being taken to control the spread of the virus and minimise the impact, the statement said.
