In Dehradun, a cyberattack led to the shutdown of around 186 government websites for nearly 60 hours, starting from the afternoon of October 2. An unidentified hacker reportedly breached the Information Technology Development Agency (ITDA) server, locking data files and demanding a ransom, according to the state cyber police. The case has been registered in Dehradun’s state cyber police station.
During a press briefing, Inspector General (Law & Order) Nilesh Anand Bharne, along with DIG Senthil Avoodai Krishna Raj S and SSP (STF) Navneet Singh, stated that a special investigation team (SIT) has been established to handle the case. This follows a report from *The Times of India* indicating that an “outsider” had breached the outer firewall of the state’s data center.
Bharne noted that the attack took place between 2:45 pm and 2:55 pm last Wednesday while a technical team was resolving issues with the Crime and Criminal Tracking Network and Systems (CCTNS). During this process, the system unexpectedly stopped working, and several other government websites also went offline. Investigations revealed that the hacker gained unauthorized access to the ITDA server, locking data files in a suspected ransomware attack. The attacker left a message instructing officials to contact two email addresses, ‘hermesaa@tutamail.com’ and ‘linger11@cock.li,’ to regain access to the data, demanding a ransom in return.
Despite the attack, Bharne assured that no data was lost, as IT experts promptly restored the affected websites using backup data. “The entire system was temporarily shut down for a comprehensive deep scan of all websites and systems while the state cyber police gathered digital evidence for further analysis,” Bharne added. The case has been filed under section 308(4) (extortion) of the BNS and sections 65, 66, and 66(c) of the IT Act.
Experts from various central agencies, including the Indian Cyber Crime Coordination Centre (I4C), the National Investigation Agency (NIA), CERT-In, and the National Critical Information Infrastructure Protection Centre (NCIIPC), are aiding in the technical investigation to evaluate the virus infection. Bharne mentioned that “almost all key government websites have been restored.”
An unnamed police officer involved in the case confirmed to *The Times of India* that the ransom demand was made in cryptocurrency. “No ransom was paid, following the clear mandate of CERT-In, which prohibits such payments. Additionally, no data was lost as the ITDA maintains two separate backup data centers across the country,” the officer said.