In the ongoing investigation into the recent ransomware attack that led to the shutdown of 192 government websites in Uttarakhand, preliminary findings indicate that the initial breach occurred at the disaster recovery (DR) centre in Bengaluru. This centre, managed by a private company, was reportedly infiltrated by malware that affected 2-3 virtual machines, according to Nitika Khandelwal, director of the Uttarakhand IT Development Agency (ITDA).
Key Findings:
- Origin of the Attack: The ransomware attack is believed to have first infiltrated the DR centre in Bengaluru, managed by a private company, before spreading to ITDA’s data centre in Dehradun.
- Security Compromise: The breach at the DR centre suggests a compromise in its cybersecurity, prompting ITDA to issue a show-cause notice to the company responsible for managing the centre. The state government, under the directives of Chief Minister Pushkar Singh Dhami, will take necessary action if negligence is found.
Current Status of the Affected Websites:
- Restoration Progress: Out of the 192 affected websites, 160 have been restored, including those related to public welfare. However, 32 sites remain offline due to outdated systems and expired software licenses.
- Call for System Upgrades: Khandelwal emphasized the need for these departments to upgrade their systems so that the websites are not vulnerable to future cyberattacks. She noted that, despite previous reminders, the departments concerned had failed to take the necessary action.
- Challenges in Restoration: An ITDA official disclosed that 12 critical government websites, including those of the health department, Public Works Department (PWD), and State Infrastructure and Industrial Development Corporation of Uttarakhand Limited (SIDCUL), might not be restored soon due to the need for significant upgrades to their infrastructure.
Next Steps:
- The ITDA is continuing a detailed investigation to understand the full scope of the ransomware attack and prevent future incidents.
- The focus will remain on ensuring that websites are not only restored but also fortified against further cyber threats by updating outdated systems and renewing software licenses.
This incident highlights the importance of robust cybersecurity measures and the need for regular updates to protect critical infrastructure from increasingly sophisticated cyberattacks.