“Hackers had demanded ransom to make data available”
By Our Staff Reporter
Dehradun, 8 Oct: IG, Law & Order, Nilesh Anand Bharne held a press conference here today to provide detailed information about the recent cyberattack. Bharne confirmed that, after the cyberattack on the Uttarakhand State Data Centre on 2 October, almost all websites and applications are now functioning smoothly. He added that the Uttarakhand police are working to identify the suspected cyber attackers.
Bharne shared that, on 2 October, between 2:45 and 2:55 p.m., the Crime and Criminal Tracking Network and Systems (CCTNS) of the Uttarakhand Police stopped working. Subsequently, other systems were checked and found to be non-functional as well, which was reported to the Information Technology Development Agency (ITDA). Upon inspection of the ITDA server, hacking-related messages were found in all folders. He added that the majority of the government's public service websites had stopped functioning and become inaccessible.
Bharne also shared that the hackers had provided an email ID for contact in the message and had claimed that the government data which had become inaccessible would be made available to the departments concerned after payment. Consequently, on 3 October, a case was registered at the Cyber Crime Police Station under Section 308(4) of the Bharatiya Nyaya Sanhita (BNS) and Sections 65/66/66-C of the IT Act.
Bharne claimed that the police have begun an investigation into the case. He said that, considering the seriousness of the cyberattack, SSP STF Navneet Singh has constituted a special team. The special team, led by DSP Ankush Mishra, will investigate the entire matter and take all necessary legal action. The police team has recovered the system and virus files related to the CCTNS to preserve all digital logs and searches. The technical cause of the virus is also being investigated in the preliminary inquiry. Additionally, a copy of the virtual machine’s forensic examination will be sent for further analysis. The cyber infrastructure has been improved with the help of ITDA’s cyber experts.
The IG explained that the data centre operates on virtual machines. About 10 to 12 virtual machines were affected by this attack, but the rest of the systems were halted immediately upon receiving the attack notification. However, the police system is now back to normal. Considering the seriousness of this matter, cooperation has been sought from various central agencies like I4C, Ministry of Home Affairs, NIA, CERT-IN, and NCIIPC. All the machines at the data centre have been scanned three times, and scanning has been done using different tools.
The police team has successfully recovered various digital logs, the evidence preservation system and virus files from the spot. Along with this, the technical reason for the virus is also being examined in the initial analysis as part of the investigation.
The IG Law & Order claimed that the digital copies of the virtual machines of the technical equipment used by the police team will be sent for forensic analysis and asserted that the current cyber infrastructure has been successfully strengthened with the help of the cyber analysts of ITDA.
In the press conference, it was also shared that the STF special team is in constant touch and working in coordination with the ITDA personnel, which helped prevent the possible losses in this case. This will also help in improving the information technology system by finding the reason for the arrival of such viruses in the future. The Police and the STF teams are also working in cooperation with central agencies such as I4C, the Home Ministry, NIA, CERT-IN and NCIIPC.