Updated: March 21, 2021 11:00:09 pm
On March 9, Tech Mahindra had registered a complaint at Nigdi police station, alleging a ransomware attack on the smart city project servers. (Express Photo) After the ruling BJP in Pimpri-Chinchwad Municipal Corporation raised doubts about the cyber attack on Pimpri-Chinchwad Smart City Project, the civic administration has asked Tech Mahindra, one of the firms managing the project, to submit its reply within three days regarding what happened on February 26, the day the purported attack took place.
In a letter sent to Tech Mahindra on Saturday, Municipal Commissioner Rajesh Patil, who heads the Pimpri-Chinchwad Smart City Project, said, “It has been more than 15 days since the ransomware cyber attack on ICC Data Centre. Based on the understanding of Tech Mahindra’s solution experts and security experts, kindly submit a detailed report to PCSCL regarding the root cause analyss, impacts observed, probable future, impacts, remedial actions in process, tentative delays in project implementation, details of the financial losses incurred by M/s Tech Mahindra and any other riks and correcttive actions to be taken to overcome similar future attacks.”
Stating that contract clauses have been violated, the PCMC chief added, “Tech Mahindra and their consortium partners have been system integrators for implementation of smart city project and its operations for five years. Tech Mahindra and their consortium partners need to adhere to RFP clause. The ransomware attack proves the violation of RFP clauses and contract clauses….We are expecting a reply in three days.”
According to the complaint lodged by Tech Mahindra, which manages the smart city project, servers of Chinchwad Smart City Project fell victim to a ransomware attack on February 26. As per the complaint, the attackers demanded a ransom to be paid in Bitcoins. A criminal offence in connection with this was registered at Nigdi Police Station on March 9.
While the company has lodged a complaint estimating a loss of Rs 5 crore, Patil has conveyed to the firm that the civic body will not absorb the costs. The civic body contended that no sensitive data was leaked.
After the complaint was lodged, BJP corporator Seema Savale, who is also the former chairperson of civic standing committee and well-acquainted with how contracted firms work, raised doubts about the whole affair. In a series of letters to PCMC commissioner, Savale said, “We suspect that the complaint was filed to claim insurance benefits of Rs 5 crore…The whole episode raises several questions. Firstly, the attackers were entering and exiting the system for a month, yet the firm had no clue about it. Then Tech Mahindra holds only 12 per cent stake in the project. Other two firms hold the remaining stake. Then how come Tech Mahindra is the lead partner? Also, Tech Mahindra has all the expertise and is a well known firm, then why does it have only 12 per cent stake ? If an expert company like Tech Mahindra has only 12 per cent stake, then what is the role of other two firms including M/s Crystal Integrated Services? Like these, there are several unanswered queries…The civic administration should set the record straight.”
Earlier, Sujit Baksi, head, APAC Business and president, corporate affairs, Tech Mahindra, had said: βOn the morning of 26th February, we were informed about the ransomware attack on PCMC servers. Following which the team briefed cyber security officials and filed the FIR with the police. After detailed analysis of the situation in last 10 days, we have come to a conclusion that 25 servers are impacted which need to be rebuilt along with implementation of a robust security system. Though the FIR mentions damage of about Rs 5 crore, which is not for any material cost or data, the only cost would be towards the rework efforts. Our team is monitoring the situation on a regular basis and has also continued the work on rebuilding the environment without touching the infected servers. The servers which were impacted are recoverable and there is no impact of it commercially.β