Tech Mahindra Attacked by Ransomware Actors, but Client Won’t Pay a Dime

• Tech Mahindra has suffered a ransomware attack that compromised a “smart city” project in Pune.
• The affected municipality has made it clear that they won’t pay anything, so the ransom will not be covered.
• Various political entities launch attacks against Tech Mahindra, accusing them of blatant negligence.

Tech Mahindra has suffered from a successful ransomware attack that has crippled 25 of its servers and now needs Rs 5 crore ($690,200) to get things back to normal operational status. Being a public entity specializing in IT and business process outsourcing for other public entities in the country, the situation has sparked political debate in India, as opposition parties blame Tech Mahindra of incompetence, negligence, and even for hiding key information relevant to the incident from the public.

The servers which were compromised concern the Pimpri-Chinchwad Smart City Project, but the Pimpri-Chinchwad Municipal Corporation (PCMC) has made it clear that they won’t pay a single penny to cover the losses. The Smart City Project was set up to help the Pune area modernize and connect the city network, sewerage, traffic, parking, CCTV surveillance, smart water control, data center, and disaster recovery. A lot of money has been spent on this project already, so the ransomware event is intensifying the criticism against the implementation of the relevant tech.

The actors, who haven’t been publicly identified yet, asked for a ransom payment of Rs 5 crore to be made in Bitcoin, but this is unlikely to ever happen considering the factors that come into play here. So, according to the firm’s president, Sujit Baksi, Tech Mahindra will take the path of rebuilding the environment without touching the infected servers while also implementing robust security measures.

The report of the incident came thanks to a criminal offense registration by Tech Mahindra’s manager, Mahendra Laxminarayan Lathi, who informed the police on March 9, 2021. According to the filing, the attack took place on February 26, 2021, so it’s been some time already. The firm had to investigate thoroughly to determine how many and which servers had been compromised, which is why there was a delay.

Even if Tech Mahindra undertakes the cost to rebuild the network, the calls for subsequent independent investigation and penalization are multiplying. Some accuse the firm of not even having set up a basic firewall to protect the project from malicious actors. The various contradictory statements made by the company’s spokespersons haven’t helped with easing concerns.

And finally, there’s the dire possibility of data exfiltration, which almost always accompanies ransomware attacks. If the project maintained a database that was populated with CCTV surveillance footage, the negative impact of this incident would be multiplied.