Last September 22, the Philippine Health Insurance Corp. (PhilHealth) was struck by the Medusa ransomware. Now, the hackers have made their demands.
According to DICT Undersecretary Jeffrey Ian Dy, the hackers are demanding USD300,000, or around Php17 million when directly converted. The hackers said that, once paid, they would delete the data they obtained and provide the DICT with the key to unlock the data they had encrypted.
Dy added that the stolen data from PhilHealth has been posted on the dark web.
Since the attack, the National Computer Emergency Response Team of the DICT’s Cybersecurity section has been tasked with investigating the hackers.
“Observed recently since June 2021, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol servers either through brute force attacks, phishing campaigns, or by exploiting existing vulnerabilities,” the DICT said in an advisory.
Once executed, the Medusa ransomware terminates more than 280 Windows services and processes belonging to programs that would otherwise have stopped file encryption, the DICT added.
The DICT has already carried out containment measures, so PhilHealth’s system should be back today, September 25. But as of writing, PhilHealth has yet to release a statement that the systems are up and running again.
In its official statement, PhilHealth assured its patrons that no personal or medical information had been leaked or compromised.
Via: PhilStar