Ransomware Attack on Cochin University of Science and Technology by Arcus Media

Incident Date: May 24, 2024

Attack Overview
Victim: Cusat
Industry: Education
Location: India
Attacker: Arcus Media
First Reported: May 24, 2024

Victim Overview

Cochin University of Science and Technology (CUSAT) is a prestigious public university located in Kochi, India. With over 9,000 students and a faculty strength of around 460 members, CUSAT is known for its strong academic programs and research initiatives. The university offers a wide range of undergraduate, postgraduate, and doctoral programs in various fields of science, engineering, technology, humanities, and social sciences. CUSAT is recognized by the University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) and has been ranked 37 among the top universities in India by the National Institutional Ranking Framework (NIRF) in 2023.

Attack Overview

The ransomware group Arcus Media, a new threat actor discovered in May 2029, has claimed responsibility for an attack on CUSAT. The attack is one of a series of 11 attacks carried out by Arcus Media. The group is known for direct and double extortion, using phishing emails to gain initial access, deploying custom ransomware binaries, and employing obfuscation techniques to evade detection.

Ransomware Group: Arcus Media

Arcus Media operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use its malware while it takes a cut of the profits. The group has a unique affiliate program in which new affiliates must be referred by another trusted affiliate and vetted before they can participate. Arcus Media has targeted a wide range of sectors, including government, banking and finance, construction, IT, healthcare, and education.

How the Attack Occurred

The cybercriminal gang likely gained access to CUSAT's network through phishing emails with malicious attachments or links. Once inside the network, the group deployed custom ransomware binaries and used obfuscation techniques to hide their activities. They may have established persistence on the infected systems through scheduled tasks and registry modifications, making it difficult for security tools to detect and remove the ransomware.

Company Vulnerabilities

CUSAT, like many educational institutions, may have vulnerabilities in its cybersecurity defenses due to the large number of users accessing its network and the diverse range of devices connected to its systems. Additionally, the reliance on government funding and tuition fees for revenue may limit the resources available for robust cybersecurity measures, making it an attractive target for threat actors like Arcus Media.
