Cyber Incident Victim: Madhya Pradesh Power Management Company Limited
Date: May 2023
Location: India
Summary
Madhya Pradesh Power Management Company Limited was hit by a ransomware attack that crippled its internal IT system, known as IABS, which is used for communication among its functionaries. The attack occurred during a period of peak summer electricity consumption. The company engaged L&T InfoTech to restore the system under government guidelines and reported the incident to CERT-In and local police. The perpetrators had not yet demanded money but had provided contact email IDs.
Description
On May 22, 2023, the Madhya Pradesh Power Management Company Limited (MPPMC) detected a ransomware attack that crippled its internal information technology system. The affected system was identified as the IABS internal IT system, which had been set up with help from L&T InfoTech. This system was primarily used for internal communication among the different functionaries of the state-run entity responsible for overseeing the management of electricity throughout the state. The attack occurred during a period of peak summer electricity consumption, a time when the company's operations for the sale and purchase of power according to demand are most critical.

Following the detection of the incident, MPPMC promptly initiated its response. The company's Chief General Manager (IT), Reeta Kshetrapal, was a central figure in coordinating the initial actions. A press note issued by the company on Saturday, May 22, formally confirmed the ransomware attack on the IABS system. The company immediately informed relevant government institutions about the cyber attack. These included the Madhya Pradesh State Electronics Development Corporation (MPSEDC) and the Indian Computer Emergency Response Team (CERT-In), the Union government's nodal agency that deals with cyber threats. The involvement of these official bodies was a key step in adhering to government guidelines for such incidents.

The technical response to restore the compromised systems began swiftly. Engineers from L&T InfoTech were engaged to carry out the restoration work of the IABS internal IT system. This restoration effort was conducted under the specific guidelines provided by CERT-In. As part of this process, MPPMC began scanning its servers as a precautionary measure while attempting to restore them. The company's public relations officer, Pankaj Swamy, stated that an alternative method had been put in place to ensure that urgent work was not affected by the IT system outage, indicating that business continuity measures were activated to maintain essential operations.

On the Friday following the attack, MPPMC formally approached the police by filing a complaint regarding the ransomware incident. The state cyber cell in Jabalpur, under Superintendent of Police Lokesh Sinha, confirmed that an investigation had begun based on this complaint. This marked the official start of a law enforcement investigation into the matter. When contacted on Sunday, May 22, Chief General Manager (IT) Reeta Kshetrapal provided an update on the attackers' motives, noting that those behind the ransomware had not yet sought money. However, the attackers had provided email IDs to facilitate contact, which is a common tactic in ransomware incidents where a ransom demand is typically communicated after initial access and encryption.

The impact of the attack was significant as it disabled a key internal communication system for the power management company. MPPMC's role in the sale and purchase of power as per demand is a critical function for the state's electricity grid. The timing of the attack during a period of peak summer consumption heightened concerns about potential disruptions to power management operations. The company's public statements emphasized that restoration efforts were being handled with precaution and in accordance with official protocols, highlighting the serious and sensitive nature of the incident for state infrastructure. The engagement of external IT experts from L&T InfoTech, alongside guidance from national cybersecurity authorities, formed the core of the technical recovery effort aimed at returning the company's internal systems to normal operation.
