U’khand cyber attack: Initial probe points to breach at B’luru backup centre – ET CISO
As the probe into the recent ransomware attack that forced the shutdown of 192 govt websites in the state continues, preliminary findings suggest the attackers first breached security at the disaster recovery (DR) centre in Bengaluru. The DR centre is managed by a private company, and 2-3 virtual machines at the centre were infected by malware, according to Nitika Khandelwal, director, Uttarakhand IT Development Agency (ITDA).
“Prima facie it was found that the ransomware first infiltrated the DR centre in Bengaluru, and from there, it spread to ITDA’s data centre in Dehradun,” Khandelwal told TOI.
She added that a detailed investigation is on. “But it was sure that the cyber security of the DR centre managed by the private company was compromised in the attack. A show-cause notice has been issued to the company managing the DR centre, following chief minister Pushkar Singh Dhami’s directives. If any negligence is found on their part, necessary action will be taken,” she said.
As of now, 160 of the affected 192 websites have been restored, including the ones related to public welfare. Khandelwal explained that 32 websites remain offline, primarily due to outdated systems and expired software licences. “We have asked the departments concerned to upgrade them, as restoring websites without the necessary updates will make them vulnerable to cyber-attacks. In the past also, we have given them reminders for the same, but they failed to act. This time, we have decided to give them no room,” she said.
Meanwhile, an ITDA official, requesting anonymity, shared that at least 12 govt websites, including those from the “health department, PWD, and SIDCUL”, might not be restored anytime soon. “Without upgrades, restoring these sites would expose them to future attacks. This time, our team has managed to restore the major websites in significant time, but we can’t ensure the same again,” the official added.