Cyber Incident Victim: Government of Maharashtra
Date: May 2017
Location: India
Summary
A ransomware attack disrupted the computer systems of a civic body in Maharashtra, affecting 25 computers that were online or lacked up-to-date antivirus protection. The WannaCry ransomware encrypted files and persisted despite removal attempts, forcing a full IT shutdown that hindered daily operations reliant on digital data. Officials confirmed that backups prevented data loss, but the malware's resilience delayed recovery, and additional time was needed to fully restore functionality. The incident underscored weaknesses in keeping security protections up to date within critical municipal infrastructure.
Description
The Kalyan Dombivli Municipal Corporation (KDMC), a civic body under the Government of Maharashtra, experienced a disruptive ransomware attack in May 2017. On or around May 12-13, the WannaCry ransomware virus infected 25 computers within the municipal corporation’s IT infrastructure. The affected systems were those that remained online or lacked updated antivirus protection, resulting in the encryption of Microsoft Word and Excel files. The attack prompted the KDMC IT department to initiate immediate recovery efforts by Friday evening (May 12). However, technicians encountered persistent challenges as the virus continued to reinfect files even after initial removal attempts, complicating restoration work. This forced the complete shutdown of the civic body’s entire IT system by the evening of May 12 to prevent further spread.

The IT department’s recovery efforts remained ongoing three days after the initial attack, with officials estimating on May 16 that full restoration would require three additional days. KDMC authorities confirmed that data loss was not a critical concern due to existing backups of all affected files. Nevertheless, the prolonged IT system shutdown significantly hampered daily operations, as the municipal corporation relied heavily on digital systems for information management and service delivery. Offline workarounds caused operational delays across departments. E Ravendiran, KDMC Commissioner, publicly acknowledged the severity of the disruption and the anticipated timeline for system recovery, emphasizing the persistent technical hurdles faced by IT staff during containment and restoration activities.
