A threat actor on a known cybercrime forum is making the extraordinary claim of having exfiltrated 20 terabytes of data, allegedly from the Indian Council of Agricultural Research (ICAR), and has put it up for sale. In their post, the actor asserts that this data exfiltration followed a previous, devastating ransomware attack in which one petabyte of ICAR’s data was encrypted. The seller further alleges that the organization was unable to recover the encrypted data. The data now for sale purportedly includes sensitive agricultural research, information on scientists, and personnel recruitment details.
This claim, if true, represents a catastrophic national security and intellectual property breach for India. Agricultural research is a vital component of a nation’s food security and economy. The alleged theft of 20TB of this critical data, following what was described as a crippling ransomware attack, points to a highly successful and multi-phased cyberattack. The sale of this information on the dark web could lead to the loss of years of valuable research to corporate or state-level adversaries.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to India’s national and economic security:
- Threat to National Food Security and Intellectual Property: The alleged theft of sensitive agricultural research data is a major blow. This intellectual property could be sold to rival nations or corporations, undermining India’s agricultural competitiveness, compromising food security initiatives, and negating billions of dollars in research and development investment.
- Classic Double-Extortion Ransomware Attack: The actor’s narrative—first encrypting data for ransom and then selling the exfiltrated copy—is a classic double-extortion tactic. The claim that ICAR was unable to recover from the initial encryption suggests a highly destructive and successful ransomware event, with the current data sale representing the attackers’ second phase of monetization.
- Targeting of Scientific Personnel: The specific mention of “scientist information” and “recruitment details” is extremely concerning. This data could be used by foreign intelligence agencies or corporate spies for industrial espionage, targeted spear-phishing campaigns against India’s top agricultural scientists, or to attempt to recruit key researchers.
Mitigation Strategies
In response to a claim of this magnitude, the Indian government and its agencies must take immediate and decisive action:
- Urgent National-Level Investigation: The Indian Computer Emergency Response Team (CERT-In) and other national security agencies must launch an immediate, full-scale investigation to verify these claims. This requires a deep forensic analysis to confirm the initial ransomware attack and the subsequent data exfiltration and to understand the full scope of the compromised data.
- Protect Scientific and Research Personnel: ICAR must operate under the assumption that its personnel data has been compromised. It is critical to alert all current and former scientists and staff, mandate immediate password resets, and enforce Multi-Factor Authentication (MFA) on all accounts to protect against targeted attacks.
- Strengthen Security for all Critical Research Data: A breach of this scale would necessitate a complete overhaul of cybersecurity protocols for all of India’s critical research institutions. This includes implementing robust Data Loss Prevention (DLP) solutions, using network segmentation to isolate sensitive research data, and developing specific incident response plans for handling breaches of vital national intellectual property.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com