IIT Madras was not hit by a ransomware attack last week, Rashmi Uday Kumar, the Assistant Registrar (PR and Communications), told MediaNama. She said that email service was down for a few hours last week, but the issue has since been fixed. She refuted a New Indian Express report that said that hackers had encrypted all data stored on IIT’s systems and were holding the decryption key for a ransom. Kumar said that experts were looking into what caused the outage, as the cause hasn’t yet been determined. She refused to clarify if the experts were from IIT Madras itself. We have also reached out to the IIT Madras Computer Centre for more information. Bhaskar Ramamurthy, the Director, reportedly told NIE that “All email on this server was backed up and no mails were lost. No other services were affected.”
The publication had initially reported that the institute’s internet, and Command and Control servers were hit by a ransomware attack on February 19. Despite denials from the administration, the Students’ General Secretary reportedly sent an email to all students calling it “a serious attack on computers in the campus that has brought several of the CC servers down”. It asked students to “immediately” back up all “critical data in windows [sic] systems”. We have tried to get in touch with the General Secretary, but have not heard back.
On logging into the server, researchers reportedly received the following message (quoted verbatim from the screenshot on NIE):
“ALL YOU IMPORTANT DATA HAS BEEN ENCRYPTED
To recover your data, you need decryptor.
To get the decryptor you should:
Send 1 test image or text file email@example.com or firstname.lastname@example.org. in the letter include YOUR ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files.
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions. We can decrypt one file in quality the evidence that we have the decoder.
- Only email@example.com or firstname.lastname@example.org can decrypt your files
- Do not trust anyone email@example.com or firstname.lastname@example.org
- Do not attempt to remove the program or run the anti-virus tools
- Attempts to selef-decrypting files will result in the loss of your data
- Decoders other users are not compatible with your data, because each user’s unique encryption key”