India’s hill state of Uttarakhand’s entire IT infrastructure came to a standstill on Friday after malware was detected on systems at the State Data Center. The shutdown impacted several critical services, including government websites, the Chief Minister’s helpline, and land registration services.
Officials, suspecting a cyberattack, launched an investigation into the breach, while IT Secretary Nitesh Jha ordered the shutdown of all services to mitigate potential damage. Key systems, such as the State Wide Area Network (SWAN) and Secure Internet Service, went offline, affecting day-to-day operations across the state.
“During routine scanning on Gandhi Jayanti [October 2], malware was discovered on some virtual machines at the State Data Centre. On advice from the National Informatics Centre (NIC), Indian Computer Emergency Response Team (CERT-In), and other experts, all machines at the data center have been shut down to prevent further spread,” the state government said in a statement.
The State Data Center hosts 123 citizen-centric applications across 83 departments. It operates 688 virtual machines on the latest hyper-converged infrastructure (HCI) using 10 racks.
The state’s Information Technology Development Agency (ITDA) is working with experts from the National Informatics Centre (NIC) and the Indian Computer Emergency Response Team (CERT-In) to address the malware attack. An official statement from the government noted that the shutdown was a precautionary step to prevent the spread of malware across more virtual machines.
According to IT Secretary Nitesh Jha, while 11 out of 1,378 virtual machines were affected by the malware, there was no data loss. “The scanning process has been repeated several times, and some critical services, including e-office and the Chief Minister’s helpline, have resumed,” Jha added in the statement.
Despite efforts throughout the day to resolve the issue, key services like SWAN could not be fully restored as of Friday evening. All websites connected to the State Data Centre remained offline.
A query to the director of ITDA seeking current status remains unanswered.
Chief Minister orders cybersecurity overhaul
In response to the attack, Uttarakhand Chief Minister Pushkar Singh Dhami held an emergency meeting on Saturday with state officials, police, and cybersecurity experts. The Chief Minister directed that all affected systems be restored by Monday and emphasized the need for stronger cybersecurity measures.
Dhami called for the formation of a state-level cybersecurity task force and the modernization of security protocols at the State Data Center. “A disaster recovery center must be established, and a security audit should be conducted regularly to prevent such incidents in the future,” Dhami said in an X post.
“The company doing technical work in ITDA should be reviewed again, if any negligence is found during the review, action should be taken against the company.”
Experts, along with representatives from the police department and senior officials from the State Data Center, State Wide Area Network (SWAN), National Informatics Centre (NIC), and the ITDA attended the meeting.
Additionally, Dhami urged ITDA to ensure that antivirus systems are regularly updated across all government offices and that personnel receive cybersecurity training to avoid similar issues in the future.
Efforts to fully restore the IT infrastructure are ongoing, the statement added.
No Responses