Cyber Incident Victim: Government of West Bengal
Date: May 2017
Location: India
Summary
A ransomware attack impacted the Government of West Bengal, affecting power utility computers across multiple districts including West Midnapore and South Dinajpur. Systems in four blocks of West Midnapore—Belda, Datan, Narayangarh, and Keshiyari—along with Balurghat's infrastructure were compromised by the WannaCry virus, part of a global cyber incident targeting outdated or unlicensed software. The attack mirrored infections in other Indian states and international entities, exploiting vulnerabilities in systems running unsupported operating systems like Windows XP. While no sensitive data loss was confirmed in Bengal, the incident highlighted widespread infrastructure vulnerabilities to ransomware that encrypts devices and demands payment for restoration.
Description
The WannaCry ransomware attack impacted multiple Indian states around May 12, 2017, including West Bengal. Computers in four blocks of West Midnapore district—Belda, Datan, Narayangarh, and Keshiyari—were compromised, along with systems at a power utility in Balurghat, South Dinajpur district. This incident occurred amid a global cyberattack affecting approximately 150 countries, with notable disruptions to the UK's National Health Service and over 30,000 Chinese institutions. The ransomware encrypted devices and demanded payment for decryption, exploiting vulnerabilities in outdated operating systems like Windows XP, for which Microsoft had discontinued mainstream support. In India, additional infections were reported across 120 computers in Gujarat's government IT network and over 100 systems in Andhra Pradesh's police department. Kerala's Wayanad panchayat also experienced infections linked to pirated Microsoft software installations.

Indian authorities implemented containment measures, including isolating and shutting down infected machines to prevent further spread. Kerala's Cyberdome ransomware response team managed local containment efforts, reporting no loss of sensitive data despite the compromise. At the national level, Union Minister Ravi Shankar Prasad confirmed ongoing security upgrades since March 2017, including patch installations and plans to establish a Cyber Coordination Centre by June. Microsoft released emergency patches for unsupported systems like Windows XP following the outbreak. By nighttime on May 12, the virus's propagation rate had decreased globally, though restoration efforts continued across affected regions. The attack underscored systemic risks associated with unlicensed software and legacy infrastructure in government operations.
