Cyber Incident Victim: Press Trust of India
Date: Oct 2020
Location: India
Summary
The Press Trust of India experienced a significant ransomware attack by the LockBit group, which infected nearly all of its computer servers during evening hours on a Saturday. The incident severely disrupted the news agency's operations and halted delivery of services to hundreds of subscribers across the country for multiple hours. Technical teams worked through the night to restore affected systems and resume critical news distribution capabilities. The attack underscored vulnerabilities in the organization's infrastructure but was mitigated through sustained engineering efforts to recover compromised servers.
Description
On October 23, 2020, at approximately 10:00 PM, the Press Trust of India (PTI) experienced a significant ransomware attack targeting its computer servers. The attack, attributed to the LockBit ransomware group, infected nearly all servers operated by India’s largest news agency. This widespread infection caused substantial operational disruptions, halting the delivery of news content to hundreds of PTI subscribers nationwide. The incident persisted for several hours, severely impacting the agency’s ability to distribute critical news updates during the outage period. PTI engineers immediately initiated emergency response procedures upon detecting the attack, working through the night to contain the infection and restore functionality. The LockBit ransomware explicitly identified itself during the attack, though no specific ransom demands or data exfiltration claims were disclosed in available reports.

PTI’s technical team successfully restored affected systems following an intensive all-night recovery effort, with services returning to normal by the morning of October 24, 2020. A company spokesperson publicly confirmed the resolution of the incident on Sunday, emphasizing the restoration of news delivery capabilities to subscribers. The attack underscored the vulnerability of critical media infrastructure to disruptive cyber operations, though PTI did not release details regarding the initial attack vector or specific security measures implemented during containment. No subscriber data breaches or permanent data loss were reported as direct consequences of the incident. The disruption highlighted PTI’s reliance on centralized server infrastructure, with the near-total server compromise demonstrating the ransomware’s rapid propagation across networked systems.
