[BreachExchange] MIDC’s Server Hacked, Threat to Destroy Data

Destry Winant destry at riskbasedsecurity.com
Mon Apr 5 10:42:37 EDT 2021


https://www.ehackingnews.com/2021/03/midcs-server-hacked-threat-to-destroy.html

The server of the Maharashtra Industrial Development Corporation (MIDC) was
recently hacked. The 'SYNack' ransomware affected the application and
database servers hosted at the MIDC headquarters in Mumbai by encrypting the
information stored on these servers. Hackers have demanded Rs 500 crore;
they mailed the demand of Rs 500 crore to MIDC's official mail ID, sources
said.

The malware additionally infected some desktop PCs across various office
areas of the MIDC. The attackers had attached a ransom note giving details
of the attack and the steps to be taken to approach them for decryption of
the information. Nonetheless, no sum was directly referenced in the ransom
note, a statement issued by the MIDC said. After the hack, all 16 regional
offices in the state, including the head office in Mumbai, have been shut
down.

The complete data of all the industrial estates, entrepreneurs, government
entities, and various schemes associated with MIDC is accessible on an
online system. All work has come to a halt since last Monday after the
hack. The MIDC approached the police, after which the Cyber Crime Police
started their probe into the hacking incident, joint commissioner of police
(crime) Milind Bharambe confirmed to the FPJ.

A statement issued by the MIDC read, "On Sunday, March 21, at around 2:30
AM, we received automated alerts that our applications were down. On
further analysis during the day, the ransomware attack was confirmed.
MIDC’s applications are hosted on ESDS cloud (services managed by ESDS,
Cloud Service Provider) and local servers (managed by MIDC internal team).
We have Trend Micro anti-virus license for end-point security monitoring.
The details of the ransomware were shared with Trend Micro for further
analysis."

"As an immediate measure, the MIDC systems were disconnected from the
network to contain the spread of the virus. The backup files for different
application servers were stored on a different network segment on Cloud DC
and were not infected. As per the recommendations from Cyber Security
experts, several steps are being taken to control the spread of virus and
minimize the impact," the statement read further.