I4C, CERT-In, NCIIPC, Dehradun Cyber Police and ITDA are jointly investigating ransomware attack on IT infrastructure of Uttarakhand
A recent cyberattack on the Uttarakhand State Data Center on October 2 has caused significant disruption to several government websites and services, triggering a swift response from local and central authorities. The breach, which took place during a narrow 10-minute window between 2:45 PM and 2:55 PM, led to the shutdown of systems supporting key functions like treasury operations, police case filings via the Crime and Criminal Tracking Network and System (CCTNS), and other crucial e-governance services. Hackers left a message on the servers of the State’s Information Technology Development Agency (ITDA), demanding a ransom in exchange for restoring the seized data.
Authorities, however, refused to comply with the ransom demand. Instead, a Special Investigation Team (SIT), alongside central agencies such as the Indian Cyber Crime Coordination Centre (I4C), CERT-In, and the National Critical Information Infrastructure Protection Centre (NCIIPC), launched an immediate probe. Forensic investigations are underway to determine how the malware infiltrated the system. Initial reports suggest the virus may have entered through an unauthorized application, though the possibility of a deliberate cyberattack remains under scrutiny. The Cyber Crime Police Station has filed an FIR invoking sections of the Information Technology Act for unauthorized access and system tampering.
Expert teams, including the Uttarakhand Special Task Force (STF) and ITDA cyber experts, have spent days scanning and sanitizing the affected systems. They recovered vital digital logs and virus files, which are being analyzed to strengthen defenses. Despite the government’s efforts to restore services, around 15 to 20 websites remain offline due to outdated operating systems. ITDA officials have decided to rebuild these websites from scratch with enhanced cybersecurity measures to ensure their safe return to public access.
As of Monday, critical services such as e-filing in the Secretariat and treasury operations in Dehradun were restored, and salary and pension disbursements resumed. The response from central agencies has been praised, with their collaboration expected to uncover more details about the breach and improve future cybersecurity protocols.
ITDA has also taken steps to bolster its internal infrastructure, making permanent appointments, including positions to manage the State Wide Area Network (SWAN) and the State Data Center. A Chief Security Officer is expected to be appointed soon as part of ongoing efforts to reinforce cybersecurity and prevent future incidents.