Ransomware Attack on Cochin University of Science and Technology by Arcus Media

Incident Date:

May 24, 2024

World map



Ransomware Attack on Cochin University of Science and Technology by Arcus Media




Arcus Media


Kochi, India

, India

First Reported

May 24, 2024

Ransomware Attack on Cochin University of Science and Technology by Arcus Media

Victim Overview

Cochin University of Science and Technology (CUSAT) is a prestigious public university located in Kochi, India. With over 9,000 students and a faculty strength of around 460 members, CUSAT is known for its strong academic programs and research initiatives. The university offers a wide range of undergraduate, postgraduate, and doctoral programs in various fields of science, engineering, technology, humanities, and social sciences. CUSAT is recognized by the University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) and has been ranked 37 among the top universities in India by the National Institutional Ranking Framework (NIRF) in 2023.

Attack Overview

The ransomware group Arcus Media, a new threat actor discovered in May 2029, has claimed responsibility for an attack on CUSAT. The attack on CUSAT is part of a series of 11 attacks carried out by Arcus Media. The group is known for conducting direct and double extortion methods, using phishing emails to gain initial access, deploying custom ransomware binaries, and employing obfuscation techniques to evade detection.

Ransomware Group: Arcus Media

Arcus Media operates as a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware and taking a cut of the profits. The group has a unique affiliate program where new affiliates must be referred by another trusted affiliate and vetted to participate. Arcus Media has targeted a wide range of sectors, including government, banking and finance, construction, IT, healthcare, and education.

How the Attack Occurred

The cybercriminal gang likely gained access to CUSAT's network through phishing emails with malicious attachments or links. Once inside the network, the group deployed custom ransomware binaries and used obfuscation techniques to hide their activities. They may have established persistence on the infected systems through scheduled tasks and registry modifications, making it difficult for security tools to detect and remove the ransomware.

Company Vulnerabilities

CUSAT, like many educational institutions, may have vulnerabilities in their cybersecurity defenses due to the large number of users accessing their network and the diverse range of devices connected to their systems. Additionally, the reliance on government funding and tuition fees for revenue may limit the resources available for robust cybersecurity measures, making them an attractive target for threat actors like Arcus Media.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.