Introduction
On October 2, 2024 [6], the Uttarakhand State government’s cyber network experienced a significant cyberattack, disrupting numerous government services and highlighting vulnerabilities in the state’s IT infrastructure. This incident marked a pivotal moment in the state’s cybersecurity landscape, prompting immediate response and long-term strategic planning.
Description
On October 2, 2024, a significant cyberattack targeted the Uttarakhand State government’s cyber network [6], severely impacting the IT infrastructure and rendering over 186 government websites inoperable, including essential services such as the Chief Minister’s Helpline and Apuni Sarkar [5]. This incident marked the first cyberattack of its kind in the state [5], with the police’s Crime and Criminal Tracking Network and Systems (CCTNS) being the initial entry point for the malware. The attack unfolded within a brief 10-minute window when an unidentified hacker breached the Information Technology Development Agency (ITDA) server, locking data files and demanding a ransom for their restoration. A message indicating the hacking was found in every folder of the ITDA server, and it included contact emails for ransom negotiations [1].
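The ransom note "found in every folder" is a recognisable artefact of file-encrypting malware: one small file with identical content dropped into nearly every directory of a share. The script below is an added triage example, not code from the original report or from ITDA, that walks a directory tree and flags any small file whose identical content appears in almost every directory, which is a cheap way for responders to locate the note and enumerate the affected folders. The sample tree it builds in a temporary directory is constructed for illustration; the file names and note text are assumptions and do not describe the actual malware in this incident.

```python
import hashlib
import math
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=65536):
    """Hash a file's content in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_replicated_files(root, min_fraction=0.9, max_size=64 * 1024):
    """Return {digest: [paths]} for small files whose identical content appears
    in at least min_fraction of the directories under root (root included).

    Ransom notes are small text files, so anything above max_size is skipped;
    that also keeps hashing cheap on large shares.
    """
    dirs_seen = 0
    paths_by_digest = defaultdict(list)   # digest -> every path with that content
    dirs_by_digest = defaultdict(set)     # digest -> directories containing it
    for dirpath, _dirnames, filenames in os.walk(root):
        dirs_seen += 1
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                if os.path.getsize(p) > max_size:
                    continue
                digest = sha256_of(p)
            except OSError:
                continue  # unreadable or vanished file; not fatal for triage
            paths_by_digest[digest].append(p)
            dirs_by_digest[digest].add(dirpath)
    # Require the content in at least min_fraction of directories, and never
    # fewer than two, so a single-directory tree does not flag every file.
    threshold = max(2, math.ceil(dirs_seen * min_fraction))
    return {
        d: sorted(paths)
        for d, paths in paths_by_digest.items()
        if len(dirs_by_digest[d]) >= threshold
    }


def build_sample_tree():
    """Constructed sample: a share where a note lands in every folder, plus a
    legitimate file duplicated in only two folders and per-folder data files."""
    root = tempfile.mkdtemp(prefix="share-")
    subdirs = ["a", "b", "c", os.path.join("a", "x"), os.path.join("b", "y")]
    for sub in subdirs:
        os.makedirs(os.path.join(root, sub))
    note = b"Your files are locked. Contact <placeholder email> to negotiate.\n"
    for d in [root] + [os.path.join(root, s) for s in subdirs]:
        with open(os.path.join(d, "RECOVER-FILES.txt"), "wb") as f:
            f.write(note)  # identical note content in all six directories
        with open(os.path.join(d, "report.pdf.locked"), "wb") as f:
            f.write(os.urandom(128))  # distinct content per directory
    for sub in ("a", "b"):  # same legitimate file in only two directories
        with open(os.path.join(root, sub, "notes.txt"), "wb") as f:
            f.write(b"team contact list\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for digest, paths in find_replicated_files(root).items():
        print(f"replicated content {digest[:12]}... in {len(paths)} locations:")
        for p in paths:
            print("   ", os.path.relpath(p, root))
```

On a real share, run `find_replicated_files` against the mounted evidence copy rather than the live system, and treat the returned paths as a first map of affected directories: the note's digest and the directory list are the kind of artefacts the report says the SIT collected for forensic analysis.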
Investigations revealed that the hacker gained unauthorized access and made a ransom demand via two email addresses [2], requiring payment in cryptocurrency [2]. Authorities [4] [6], including the inspector general of police [6], stated that the ransom demand was not entertained [6], adhering to CERT-In’s mandate against ransom payments [2]. Fortunately, no significant data loss occurred [6], as IT experts promptly restored critical services, including e-filing in the Secretariat and treasury operations [4], using backup data [2]. However, approximately 15 to 20 websites remain offline due to outdated operating systems [4], and ITDA officials plan to rebuild these websites with improved cybersecurity measures [4].
A Special Investigation Team (SIT) has been established to probe the incident, which has been registered under section 308(4) (extortion) of the Bharatiya Nyaya Sanhita and sections 65, 66 [2], and 66(c) of the IT Act for unauthorized access and system tampering. The entire system was temporarily shut down for a thorough scan while digital evidence, including logs related to the incident, was collected [2]. Forensic investigations are ongoing to identify the malware’s entry point [4], with initial indications suggesting it may have come from an unauthorized application [4]. The Uttarakhand police [1] [3] [4] [6], supported by a special team from the Special Task Force (STF) and various central agencies, including the Indian Cyber Crime Coordination Centre (I4C) [2] [4] [6], the National Investigation Agency (NIA) [2] [6], CERT-In [1] [2] [3] [4] [6], and the National Critical Information Infrastructure Protection Centre (NCIIPC) [2] [4] [6], are assisting in the investigation [2]. The response from these agencies has been commended [4], with expectations that their collaboration will yield further insights into the breach and enhance future cybersecurity protocols [4].
To strengthen its internal infrastructure [4], ITDA is making permanent appointments for managing the State Wide Area Network (SWAN) and the State Data Center [4], with plans to appoint a Chief Security Officer to bolster cybersecurity efforts [4]. Expert teams [4], including the Uttarakhand Special Task Force (STF) and ITDA cyber experts [4], have been working to scan and sanitize the affected systems [4], recovering essential digital logs and virus files for analysis to prevent future incidents.
Conclusion
The cyberattack on Uttarakhand’s state government network underscored the critical need for robust cybersecurity measures. While immediate impacts were mitigated through prompt restoration efforts, the incident has spurred a comprehensive review of existing protocols and infrastructure. The ongoing investigations and collaborations with national agencies are expected to provide valuable insights, guiding future enhancements in cybersecurity to prevent similar incidents. The state’s commitment to strengthening its IT infrastructure, including appointing key personnel and updating systems, reflects a proactive approach to safeguarding against future threats.
References
[1] https://www.theweek.in/wire-updates/national/2024/10/09/des63-ukd-cyber-attack.html
[2] https://www.isss.org.uk/news/malware-attack-case-against-unidentified-person-for-hacking-itda-server-to-lock-files-demand-ransom/
[3] https://garhwalpost.in/police-have-begun-investigation-into-cyberattack-on-govt-police-websites-nilesh-anand-bharne/
[4] https://www.the420.in/i4c-cert-in-nciipc-dehradun-cyber-police-and-itda-are-jointly-investigating-into-ransomware-attack-on-it-infrastructure-of-uttarakhand/
[5] https://www.news9live.com/india/uttarakhand-government-bans-social-media-sites-in-offices-following-cyber-attack-cm-takes-stringent-measures-2718472
[6] https://www.pioneeredge.in/hackers-sought-ransom-in-suspected-cyberattack-on-uttarakhand/