The server of Maharashtra Industrial Development Corporation was attacked with the “SYNack” ransomware.
The attack affected the applications and database servers of the MIDC headquarters in Mumbai. The attackers encrypted the information on these servers; however, they made no ransom demands in their ransom note yet.
MIDC is a project of the government of Maharashtra state in India and is the biggest corporation in the state providing businesses with infrastructure such as land, roads, water supply, drainage facilities, and streetlights. Maharashtra is one of the most industrialized states in the country.
The attack just a few weeks after the reports claiming Chinese hackers shut down its electricity grid, which eventually led to a complete blackout in the financial capital.
The Indian officials said in a statement the company detected the ransomware attack on March 21 after its applications went down.
The company revealed it was the SYNack ransomware that encrypted its servers.
”The ransomware ‘SYNack’ impacted the applications and database servers hosted on Cloud DC and DR (ESDS) and local servers hosted at MIDC HQ in Mumbai by encrypting the data stored in these servers,” the statement said.
This ransomware strain — named SynAck or Syn Ack — was first spotted in August 2017 targeting Windows Server machines and enterprise networks. The ransomware operators are known to not use payment portals, but demand that victims arrange payment, usually in Bitcoin (BTC), through email or a BitMessage ID.
Additionally, the malware infected an undisclosed number of desktop personal computers in different MIDC branches.
The attackers’ ransom note contained details about the attack and the procedure for decrypting the data. However, the corporation did not comply with the intruders’ instructions and instead employed a team of external experts to mitigate the breach.
As an intermediate measure, MIDC disconnected its ITT systems from the network to contain the virus, the company said.
MIDC started to restore the lost data on the same day, while customer-facing apps, including MIDC website, single-window clearance (SWC), and BPAMS, have been put back online after running mandatory security checks. Other applications like such as water billing system enterprise resource planning, integrated file management system (IFMS) would be operational by Wednesday, the company assured.