wordpress blog stats
Connect with us

Hi, what are you looking for?

Tamil Nadu government hit by cyber attack for second time this year, raising major questions

The latest ransomware attack brings many of the state government’s data digitisation projects into question.

Windows 7 PCs at the Tamil Nadu government’s Public Department were hit by a ransomware attack, according to reports by The Hindu, The New Indian Express, and IANS. Neeraj Mittal, the state’s Secretary of Information Technology, confirmed the hack to IANS, and reportedly told the wire agency, “It is true. Some computers suffered the ransomware attack,” adding that the government was “trying to get back the access [to affected PCs].”

MediaNama has reached out to the Public Department for comment. Top officials of the department were not reachable by phone for comment. The Hindu cited an unnamed official as saying that the hack was click-based — indicating that someone with access to the computers may have opened a suspicious link they shouldn’t have — and that the impacted files include details of arrangements of high-profile visitors, a key function of the department. It is unclear if hackers merely locked access to the files or obtained copies too. The union-run Centre for Development of Advanced Computing (C-DAC), which has an office at Chennai’s Tidel Park, is said to be working with the state government to try and recover the files.

A ransomware attack locks files on a target computer, demanding users for payment — usually in cryptocurrency that is hard to trace — to release access to the files; the malware usually encrypts the files, making recovery difficult without the attacker’s cooperation. Microsoft stopped providing even extended security updates to Windows 7 in 2020. This is the second major attack that the Tamil Nadu government’s systems have suffered this year, raising significant questions about the state government’s cybersecurity framework.

Tamil Nadu PDS cyberattack

In July, the Tamil Nadu government suffered a significant attack on its Public Distribution System, which has one of the richest databases of the state’s residents, as it is involved in providing access to subsidised commodities and welfare distribution. The government initially claimed that the breach was limited in scope and only affected public-facing parts of its website managed by a private company.

But in the days that followed, it emerged that the Makkal Number, an Aadhaar-like ID for the state’s residents, had been exposed in the breach. That number is a key element of the Tamil Nadu government’s State Family Database (SFD) project, an ambitious attempt to digitise information on all families living in the state.

Advertisement. Scroll to continue reading.

The SFD is not the only database whose security is coming into question. Earlier this month, the state’s health minister announced that Tamil Nadu will create a Universal Health ID for citizens, potentially duplicating the union government’s own efforts to create a similar ID for patients in the country, while also raising questions on the security of information stored under such IDs. India doesn’t have a data protection law. Tamil Nadu has a Cyber Security Policy, released by the previous AIADMK-led government last year.

That policy recommends a well-equipped and prepared Computer Emergency Response Team for Tamil Nadu. While this organisation exists on paper, its officers are currently just a committee of bureaucrats who also have other roles in the Tamil Nadu government.

Questions for TN Public Department

MediaNama had the following queries for the Public Department. We will update this story if we hear back from them:

  • How many computers were affected?
  • Is there any indication that hackers have obtained a copy of the contents of the affected computers?
  • What was the initial response, and has an external cybersecurity firm been engaged to assess the situation further?
  • Are reports that the systems were using the Windows 7 operating system correct? If so, why was the operating system not updated since even extended support for it ended on January 14, 2020?
  • Was the March 2017 security update to patch a vulnerability to ransomware vectors installed on the affected PCs? If not, why?
  • Is the Public Department reviewing its cybersecurity procedures and policies after this attack?
  • Is it true that hackers have demanded a ransom of US$1,950? If so, does the Department intend on paying this ransom?
  • Do comprehensive backups of the impacted data exist? If so, how recent are they?

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ