Mumbai’s cyber police on Wednesday registered an FIR in connection with the hacking of the Maharashtra Industrial Development Corporation (MIDC)’s server. Due to the cyber attack, the functioning of the MIDC’s head office in Mumbai and 16 other regional offices was disrupted.

It is alleged that the hackers demanded ₹500 crore as ransom; however, neither the police nor MIDC officials have confirmed the exact amount. It is not yet clear whether the attackers are from India or abroad, the police said.

According to the MIDC, the attack took place on March 21 at 2.30am and the attackers demanded a ransom through email.

“Ransomware has attacked the local server system and the database which are hosted at the MIDC headquarters. This damaged the computers at the corporation’s (16) regional offices. The email sent by the attackers explained the kind of attack and their demand for ransom,” MIDC officials stated.

Sources said that the hackers demanded ₹500 crore in ransom, but the corporation didn’t bring this up in their complaint. “The FIR (given by the MIDC) in the cyber attack matter does not mention any ₹500 crore ransom,” said Milind Bharambhe, joint commissioner of police (crime), adding, “We are investigating the case further.”

MIDC stated that to prevent the spread of the virus after the attack, all computers were disconnected from the server. The corporation also asked all its departments to shut their systems and not to switch on the computers until the issue is completely resolved. This caused a disruption of services across the state.

Deputy commissioner of police (operation) Chaitanya Siriprolu, the spokesperson for Mumbai Police, stated that the MIDC on Wednesday complained to the Cyber police stating that on March 21, unidentified attackers used ransom malware to access the MIDC’s computer system and encrypted all its important data.

All MIDC’s systems are hosted on the ESDS (a cloud service provider) and a local server. The corporation uses Trend Micro anti-virus software for security and maintenance.

The corporation claimed that as backup files of its website, Single Window Clearance system, Building Plan Approval Management System (BPAMS), ERP (Enterprise Resource Planning), computerised land distribution system, water bills, etc. are stored on different networks, they’re all safe. Some services have been restored while some will be restored in a day or two.

Commenting on the extent of damage to the MIDC’s system due to the attack and restoring of service, Dr Anbalagan P, chief executive officer, MIDC, told HT, “The retrieval is complete. All customer interface such as single-window and other applications have been restored and made operational.”

On MIDC’s complaint, the cyber police registered an FIR under sections 43 A (Compensation for failure to protect Data), F (denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means) and 66 (computer related offences) of the Information Technology Act.

A team of cyber police officers also visited the MIDC office on Tuesday for inquiry. The investigators are now trying to track the digital footprints of the attacker to ascertain who is behind the ransom malware attack.

Earlier, an attempt at cyber sabotage, allegedly by a Chinese state-sponsored cyber threat group, caused a massive power outage in Mumbai last October. Maharashtra home minister Anil Deshmukh had said that the Maharashtra Cyber police found evidence suggesting that the grid failure in Mumbai on October 12 last year, which plunged the city into darkness, disrupted train services, shut down the stock market and generally hit economic activity, was likely to be cyber sabotage.

The New York Times cited a report by a US-based cyber security firm which claimed that Chinese state-sponsored groups had targeted the power sector in India with malware. This came months after the clash between troops of the two nations in Galwan valley in June 2020.