Published: 20th February 2020
Has IIT Madras been hit by ransomware that is holding all their research data hostage?
The students have been asked to send an email to a certain email ID, which will then quote a price to decrypt their data. Institute brushes it off as a mail server going down. What is the truth?
Students at IIT Madras, the top-ranked institution in the country by the NIRF, are petrified that they have lost all their data, after a suspected ransomware attack on the institute's internet and Command and Control servers since Wednesday. Even though the institute says that it has a back-up for everything on the email servers, some students are concerned that they have not got their data back without paying the ransom. One of the top academic and research institutes in the country, IIT Madras has been working on a number of government-funded projects, the latest being the development of new technology to revolutionise the way we vote.
A researcher in the institute shared with Edexlive a screenshot of a message that he received when he logged into the server. It is adorned with a set of crossbones and the rather ominous message: All your files have been encrypted. The language and the proposition (asking for funds to be transferred if they want their data back) are classic signs of a ransomware attack. Ransomware is defined as a type of malware that enters a system, encrypts the user's files and holds them hostage unless the hacker is paid a sum of money.
The screenshot of the message
The message goes on to say that all the data has been encrypted and that, should the user choose to decrypt it, they have to pay the necessary fee. Instructions follow about how they have to write to the hacker email@example.com or firstname.lastname@example.org and give their user ID, after which the hacker will assign a price for the data. "After we send you instructions on how to pay for decrypt and after the payment, you will receive a decryptor and instructions," reads the message. It also instructs the students to not depend on anyone else to decrypt the file and to not run an anti-virus program as it will lead to the loss of all the data.
Coincidentally, the IIT Madras Students' General Secretary had sent an email to all the students asking them to back up the data. Edexlive has accessed a copy of the same. It reads, "There is a serious attack on computers on the campus that has brought several of the CC servers down. The virus appears to target computers running on windows." The email also says that the virus aims to make the computers unusable and asks the students to back up all the critical data in their rooms and labs "immediately".
The email that was sent to the students
We also spoke to Cyber Security professional Manu Zachariah, who further confirmed the suspicion. "This looks like a ransomware attack on the IIT Madras server. This is not unusual or unexpected though, as IIT servers haven't been safe for a long time. They have had issues in other IITs too in the past," he says.
In its initial response, IIT Madras released a statement that read, "The email server at IIT Madras went down and the cause is being investigated. The Institute has a back-up for the email system and will restore the system soon." Bhaskar Ramamurthy, Director, IIT Madras, later commented on this, saying, "One of the email servers was down temporarily and has since been restored. All email on this server was backed up and no mails were lost. No other services were affected. The cause is being investigated."
Further queries about the ransomware attack have not been responded to.
*This copy was updated with the IIT Madras Director's quote.