The virus had affected about 150 computers, mostly in Revenue, Public Works Department and some isolated computers in other departments of Mantralaya and these computers have now been isolated and being sent for forensic tests, Principal Secretary, IT department, V K Gautam, said.
All the data on the Maharashtra Local Area Network (Maha LAN) are safe, he said.
"The virus first showed its presence around Friday last week, which probably sneaked into the Maha LAN through a spam mail," Gautam said.
After gaining entry into the system, the virus begins encrypting the DOC, PPT or other files into Locky files, the official said.
"When one tries to access these encrypted files, the system asks the user for lock key and then asks to pay for it in Bitcoins for granting access to the files," he said.
He added that the virus is actually very dangerous for the world of finance and corporates, wherein data related to financial accounts and other sensitive information gets locked and the user is asked to pay for the access to own data.
"The virus begins to send spam mails using the official e-mail ID deceiving the user in opening it or its mail attachments allowing the virus to enter the system," he said.
Users need to guard against accessing spam mails of such nature by clicking on to the senders' e-mail address to know the real sender and better still use only the official government e-mail Intra-net rather than private e-mails like Gmail, Yahoo and others, Gautam added.
"There are around 53,000 computers in various government departments in Mantralaya that are on the Maha LAN," he said, adding that following the incident, the IT department has fortified its server and data center and that no damage has been caused to the government files.
Both the Centre and the state government have a policy that mandates all its employees to use the official government intra-net rather than private e-mail, he said.