By Junex Doronio
WHO WILL BLINK FIRST?
This is the question as there are only four more days to go before the shadowy Medusa ransomware group will release in public the data that it has hacked from the government health insurer Philhealth if the latter refuses to cough up $300,000 or roughly P17 million in ransom.
Cybersecurity expert Renzon Cruz has expressed apprehension that Medusa may release a lengthy video ranging from 30 to 50 minutes in the event of non-compliance from PhilHealth, flaunting a series of PII data and IDs across various social media platforms like X (Twitter), Telegram, and Facebook.
Cruz said Medusa is well equipped as it even has a public relations arm, identified as “OSINT without Borders”, which seems to function on reporting breaches and re-publishing stolen data.
Just like the wily mythological creature, the shadowy Medusa ransomware group reportedly collaborates with global affiliates, expanding its reach and impact.
According to thecyberexpress.com, since its emergence in June 2021, the Medusa ransomware group has remained a prominent concern for cybersecurity experts.
The PhilHealth hacking was confirmed by the National Privacy Commission (NPC) on Monday evening, September 25, saying it was notified by PhilHealth regarding a ransomware attack.
Philhealth, however, assured that only employee information was breached.
Last September 22, the Department of Information and Communications Technology (DICT) first bared the cyberattack on the PhilHealth database.
DICT Undersecretary Jeffrey Ian Dy said the $300,000 or roughly P17 million ransom is in exchange for three things, namely:
- to hand over the decryption keys so the data can be accessed again;
- to delete the data that they obtained and not publish these to the public; and
- to give DICT a copy of the data which is in their possession.
DICT said it is working with PhilHealth and its outsourced cybersecurity vendors to complete the “clean up” of the system. (ai/mnm)