Cyber Incident Victim: Government of Gujarat

Date: May 2017

Location: India

Summary

A ransomware attack impacted the Government of Gujarat's IT network, affecting approximately 120 computers. Other regional entities were also affected, including districts in Kerala, power utilities in West Bengal, and Andhra Pradesh police systems. The WannaCry malware exploited vulnerabilities in systems running pirated or outdated Microsoft software, particularly unpatched Windows XP installations. This incident occurred amid a global outbreak affecting over 150 countries, with notable disruptions to healthcare services in the UK and widespread institutional compromises in China. Indian authorities isolated infected machines and emphasized ongoing security upgrades, including patch installations initiated months prior and plans for a centralized cyber coordination center. Microsoft subsequently released emergency patches for legacy systems following the attack's propagation.


Description

The WannaCry ransomware attack impacted multiple Indian government systems on May 12, 2017, including approximately 120 computers connected to the Gujarat government's information technology network. The attack coincided with global infections affecting over 150 countries, with particularly severe disruptions reported in the United Kingdom's National Healthcare System and Chinese government agencies. In India, the malware compromised systems across several states through vulnerabilities in outdated or unlicensed software. Kerala reported infections in two panchayat offices in Wayanad district where computers ran pirated Microsoft software, while West Bengal experienced attacks on power utility systems across four blocks of West Midnapore district and Balurghat's South Dinajpur region. Andhra Pradesh separately confirmed over 100 affected systems within its police department infrastructure. The ransomware encrypted devices and demanded payment for decryption, exploiting weaknesses in Microsoft Windows XP systems that lacked security updates.


Indian authorities implemented containment measures including isolating and shutting down infected computers, with Kerala's Cyberdome cybersecurity team leveraging specialized ransomware training to manage the situation. Union Minister Ravi Shankar Prasad confirmed proactive security updates since March 2017, including patch installations and plans to establish a national cyber coordination center by June. Microsoft issued emergency patches for outdated systems following the attack's global spread. While officials reported no loss of sensitive data in Kerala and noted reduced infection rates by nighttime, the incident highlighted vulnerabilities in government networks using unlicensed software or legacy operating systems. The coordinated response involved multiple state agencies but revealed fragmented cybersecurity preparedness across different administrative levels during large-scale attacks.
