Amid the ongoing tensions between India and Pakistan (here, here, & here), a post (here, here, here, and here) claiming that ATMs across the country will be closed for 2–3 days due to cyberattacks by Pakistan is being widely circulated on social media platforms. The post reads: ‘ATMs will be closed for the next 2–3 days, probably due to a ransomware cyberattack originating in Pakistan. Do not carry out any online transactions today. Please inform all your contacts not to open a video titled “Dance of the Hillary”. It is a virus that formats your mobile phone. Be cautious—it is very dangerous. This was announced today on BBC Radio.’ Through this article, let us fact-check the claim made in the post.
Claim: Amid rising India–Pakistan tensions, ATMs across India will remain closed for 2–3 days due to a ransomware cyberattack by Pakistan.
Fact: The viral post claiming that ATMs across India would remain closed for 2–3 days due to a ransomware cyberattack by Pakistan is false. On 08 May 2025, the fact-checking unit of the Government of India’s Press Information Bureau (PIB) clarified in a post on X (formerly Twitter) that the claim regarding ATM closures is false. The post further confirmed that ATMs would continue to operate as usual. On 09 May 2025, SBI stated in a post on X (formerly Twitter) that all SBI ATMs, CDMs/ADWMs, and digital services are fully operational and available for public use. Moreover, ‘Dance of the Hillary’ is a hoax that has been circulating since at least 2016.Hence, the claim made in the post is FALSE.
To verify the authenticity of the viral claim, we conducted a relevant keyword search but did not find any credible reports supporting it. We then checked the official websites of the Indian Computer Emergency Response Team (CERT-In) and the official website of the Ministry of Electronics and Information Technology regarding the apparent threat mentioned in the viral post. However, we found no advisory notices on either of these websites.
CERT-In is the national agency responsible for responding to cybersecurity incidents in India. It is mandated to monitor and track such incidents, issue alerts and advisories on emerging cyber threats and vulnerabilities, and recommend countermeasures to ensure the safe use of digital technologies. CERT-In also notifies affected organisations about data breaches and ransomware attacks, suggests remedial actions, and coordinates incident response efforts.
The agency also operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), which helps detect malicious software and provides free tools for its removal. It offers cybersecurity tips and best practices, and regularly issues alerts about current cyber threats, along with recommended safety measures. However, we did not find any advisory or alert related to the viral claim on this website either. The last alert issued was regarding the ransomware virus ‘RansomHub’ in October 2024.
Furthermore, on 08 May 2025, the Government of India’s PIB Fact Check unit clarified via a post on X (formerly Twitter) that the claim stating ATMs would be closed for 2–3 days is false. The post confirmed that ATMs would continue to operate as usual.
Additionally, we also found a post by the State Bank of India (SBI) on X (formerly Twitter), dated 08 May 2025, clarifying that all SBI ATMs, CDMs/ADWMs, and digital services are fully operational and available for public use. The post also urged users not to rely on unverified information. Based on all this information, it is clear that the viral post claiming that ATMs across India would remain closed for 2–3 days due to a ransomware cyberattack by Pakistan is fake.
The viral post also claims that a video titled ‘Dance of the Hillary’ or an email attachment named ‘tasksche.exe’ will trigger a cyberattack, and attributes this warning to BBC Radio. However, we neither found any official statement from the BBC nor any credible news reports confirming that such a warning was issued by them.
Our research found that warning messages related to ‘Dance of the Hillary’ are a hoax, and have been viral since at least 2016. Several fact-checkers have previously debunked this message, confirming it to be false. One such fact-check article can be read here. News reports stating that these warnings are unfounded hoaxes that have been circulating for quite some time can be read here and here. In 2017, the Malaysian Computer Emergency Response Team also labelled this viral message as a hoax (here).
At the same time, malware attacks involving a file named “tasksche.exe” did occur during the WannaCry ransomware outbreak in 2017 (here), which affected hundreds of thousands of computers worldwide. Reports (here, here) indicate that India was among the countries most severely impacted by WannaCry.
Ransomware Cyber-attacks
Ransomware attacks involve malicious software that infects a computer and restricts users’ access to their files by encrypting them until a ransom—usually paid in cryptocurrency—is demanded to unlock them. Cyber threat actors often exploit known vulnerabilities, compromised credentials for remote access services, and phishing campaigns to infiltrate an organisation’s infrastructure.
A prominent example is WannaCry (2017), which affected hundreds of thousands of computers worldwide. It was notorious for targeting large corporations and demanding multimillion-pound ransoms.
Major Impacts of Ransomware Attacks
Ransomware attacks can significantly impact both businesses and individuals. The major consequences include:
- Operational Disruption
- Data Loss
- Financial Losses
- Compromised Sensitive Information
Major Ransomware Attacks in India
- AIIMS, Delhi (2022): Five physical servers at AIIMS, New Delhi, were compromised in a cyber-attack that encrypted approximately 1.3 terabytes of data. Hospital services were disrupted for several weeks.
- Jawaharlal Nehru Port Trust (JNPT) (2017): The APM Maersk Terminal at JNPT was hit by the Petya ransomware, bringing terminal operations to a standstill.
- Kudankulam Nuclear Power Plant (KKNPP) (2019): A malware infection was detected on the administrative network of the plant.
- Union Bank of India: A cyber-attack breached one of the bank’s offshore accounts. However, the money trail was successfully traced, and the movement of funds was blocked or reversed.
The Ministry of Home Affairs (MHA) is also actively involved in combating cybercrime through the Indian Cyber Crime Coordination Centre (I4C). The I4C works in coordination with various law enforcement agencies (LEAs) and stakeholders to address cyber threats.
The National Cyber Crime Reporting Portal (NCRP), launched by the I4C, is a citizen-centric platform where individuals can report incidents of cybercrime. The MHA also promotes cyber awareness through its official social media handle, “CyberDost“. In addition, the National Counter Ransomware Taskforce, operating under the MHA, is responsible for formulating effective strategies to counter ransomware threats.
As highlighted in Interpol’s ‘Global Trend Summary Report’ (2022), ransomware remains one of the most serious cybercrime threats globally, with the likelihood of such incidents increasing significantly in the future. In 2021 and 2022, CERT-In reported 132 and 202 ransomware incidents, respectively. According to data reported to and monitored by CERT-In, the number of cybersecurity incidents increased from 11.58 lakhs in 2020 to 20.41 lakhs in 2024.
| Year | Number of Cyber Security Incidents |
|---|---|
| 2020 | 11,58,208 |
| 2021 | 14,02,809 |
| 2022 | 13,91,457 |
| 2023 | 15,92,917 |
| 2024 | 20,41,360 |
Note: Information about ransomware attacks in India, relevant government initiatives and data is sourced from Factly’s Tagore AI, an AI-Powered Research Platform Driven by Millions of Authentic & Official Documents. You can explore Tagore AI here.
To sum it up, the viral post claiming that ATMs across India would remain closed for 2–3 days due to a ransomware cyberattack by Pakistan is fake.
