Ransomware Attack on Cochin University of Science and Technology by Arcus Media
Victim Overview
Cochin University of Science and Technology (CUSAT) is a prestigious public university located in Kochi, India. With over 9,000 students and a faculty strength of around 460 members, CUSAT is known for its strong academic programs and research initiatives. The university offers a wide range of undergraduate, postgraduate, and doctoral programs in various fields of science, engineering, technology, humanities, and social sciences. CUSAT is recognized by the University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) and has been ranked 37 among the top universities in India by the National Institutional Ranking Framework (NIRF) in 2023.
Attack Overview
The ransomware group Arcus Media, a new threat actor discovered in May 2029, has claimed responsibility for an attack on CUSAT. The attack is part of a series of 11 attacks carried out by Arcus Media. The group is known for using direct and double extortion methods, relying on phishing emails to gain initial access, deploying custom ransomware binaries, and employing obfuscation techniques to evade detection.
Ransomware Group: Arcus Media
Arcus Media operates under a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use its malware while it takes a cut of the profits. The group has a unique affiliate program in which new affiliates must be referred by another trusted affiliate and vetted before they can participate. Arcus Media has targeted a wide range of sectors, including government, banking and finance, construction, IT, healthcare, and education.
How the Attack Occurred
The cybercriminal gang likely gained access to CUSAT's network through phishing emails with malicious attachments or links. Once inside the network, the group deployed custom ransomware binaries and used obfuscation techniques to hide their activities. They may have established persistence on the infected systems through scheduled tasks and registry modifications, making it difficult for security tools to detect and remove the ransomware.
Company Vulnerabilities
CUSAT, like many educational institutions, may have vulnerabilities in its cybersecurity defenses due to the large number of users accessing its network and the diverse range of devices connected to its systems. Additionally, the reliance on government funding and tuition fees for revenue may limit the resources available for robust cybersecurity measures, making it an attractive target for threat actors like Arcus Media.