Based on an IBM security report, India had recently gained an unwanted second spot in the list of most cyberattacked countries in APAC for 2020. Out of the total attack share, ransomware accounted for the highest at 40%. It seems that the ghosts of the past are well and truly haunting India. A Smart City project carried out by Indian tech giant, Tech Mahindra, has reportedly fallen prey to a ransomware attack that infected nearly 25 of its project servers. As per the FIR registered by the project in charge at a local police station, Tech Mahindra has suffered losses amounting to INR 5 crore (approximately $690,000) due to the attack.
Ransomware Attack on Tech Mahindra
The Government of India (GoI) launched the Smart Cities Mission in June 2015. The objective of this initiative was to promote sustainable and inclusive cities that provide core infrastructure and give a clean and sustainable environment to their citizens by integrating ‘Smart Solutions.’ Under this program, the Pimpri-Chinchwad town (adjacent to Pune) was also ordained to become a “Smart City”. Tech Mahindra, which has handled such projects before, won INR 500 crore bid (approximately $ 6,88,45,600) for this project in December 2019 from the Pimpri-Chinchwad Municipal Corporation (PCMC).
However, just after a year into the project, Tech Mahindra set up nearly 300 servers, moving at full throttle towards completion. But the company hit a major bump on February 26, 2021, when 25 of its PCMC smart city project servers were targeted by a ransomware attack. The project manager of Tech Mahindra’s PCMC project immediately lodged a criminal offense complaint at the Nigdi Police Station in which he mentioned that the attackers had demanded a ransom to be paid in Bitcoins in exchange for the decryption key.
Talking about the complaint, Municipal Commissioner Rajesh Patil was quoted saying, “The civic body will not pay for the loss”. Adding to this, PCMC’s IT Officer also said,
We are surprised by the police complaint lodged by Tech Mahindra. We believe they can restore the system. There is no justification for any loss. The PCMC will not pay anything to the firm. We have told them so.
However, Tech Mahindra has clarified that it only went by the procedure and they are not expecting any compensations from the PCMC for the damages or the ransom demand.
Tech Mahindra’s Response
Clearing the air, Sujit Baksi, president of corporate affairs, Tech Mahindra, said,
On February 26, we were informed about the ransomware attack on the PCMC servers. The team briefed the whole situation to the cybersecurity officials and filed an FIR with the police. After a detailed analysis of the situation in the past 10 days, we have concluded that 25 servers are impacted, which need to be rebuilt along with the implementation of a robust security system. Our team is monitoring the situation on a regular basis and has also continued the work on rebuilding the environment without touching the infected servers.
On the other hand, Tech Mahindra also confirmed that servers impacted by the ransomware attack are recoverable and that no other commercial impact has been observed.
This incident however exposes the inadequacy of cybersecurity policy-making and lack of skilled manpower in the government sector. The attack is the latest in a long line of security incidents aimed at the government and public sector. In a report titled “China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions,” Recorded Future, a cybersecurity company, cites geopolitical reasons and heightened border clashes between India and China since last May, as the reasons for the escalation in cyberattacks. Read the full story here.