Ransomware Attack on Uttarakhand Govt Websites Traced to Bengaluru DR Centre Breach: ITDA

October 21, 2024 | Cybersecurity

As the investigation into the recent ransomware attack that shut down 192 government websites in Uttarakhand progresses, preliminary findings indicate that the attackers first compromised security at the disaster recovery (DR) centre in Bengaluru.

Managed by a private company, the DR centre’s virtual machines were infected by malware, according to Nitika Khandelwal, Director of the Uttarakhand IT Development Agency (ITDA).

On Oct 4, we had reported that in a massive blow to Uttarakhand’s IT infrastructure, a sophisticated cyberattack disabled critical government websites, including the Chief Minister’s helpline and essential online services, leaving the state’s entire public administration in chaos.

Speaking to the Times of India, Director Khandelwal revealed, “Initial investigations suggest that the ransomware first infiltrated the DR centre in Bengaluru, and from there, it spread to ITDA’s data centre in Dehradun.”

A detailed investigation is underway, and Khandelwal emphasized that the cyber security protocols of the DR centre managed by the private firm had been compromised. Following directives from Chief Minister Pushkar Singh Dhami, a show-cause notice has been issued to the company responsible for managing the DR centre. If negligence is found, appropriate action will be taken, she added.

To date, 160 of the 192 affected websites, including key public welfare platforms, have been restored. However, 32 websites remain offline, primarily due to outdated systems and expired software licenses. “We have instructed the concerned departments to upgrade their systems, as restoring the websites without these updates would leave them vulnerable to future cyber-attacks. We had given them prior reminders, but action was not taken. This time, there will be no leeway,” Khandelwal said.

An ITDA official, who wished to remain anonymous, shared that at least 12 government websites, including those of the health department, PWD, and SIDCUL, might remain offline for a longer duration. “Without proper upgrades, restoring these sites would leave them open to further attacks. While our team has restored major websites quickly this time, we cannot guarantee the same response in the future,” the official explained.

This story was first reported by the Times of India.