MAHIGPITANG GIRIAN NA ITO: MEDUSA IS NOW ON STAGE 3 LEVEL OF EXTORTION — DICT EXEC

By Junex Doronio

TWO DAYS AFTER THE DEADLINE for a ransom payment of about $300,000 or around P17 million expired, hackers have leaked the compromised data from a recent ransomware attack against the Philippine Health Insurance Corporation (PhilHealth).

This was revealed by Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy who said the Medusa ransomware group uploaded a copy of over 600 gigabytes of files to a website and a Telegram channel after 4 p.m. on Thursday, October 5.

“Nasa Stage 3 na tayo, ito na ‘yung final stage sa sinasabi kong triple extortion stages. Sa Phase 3, aatakihin na nila ‘yung mga tao na nakita nila sa database kasi mas prone na ‘yun eh. Is-spam na nila ‘yan. Is-scam na nila yan,” Dy warned.

The DICT believed that the uploader was part of the Medusa ransomware group.

Just to let you know, last September 22, PhilHealth was hit by a Medusa ransomware attack, causing the temporary shutdown of the online systems of the state health insurer.

Hackers reportedly threatened to release the data stolen from its database should the agency fail to pay the ransom of $300,000 or around P17 million.

But PhilHealth stood firm that it would not pay.

On Tuesday, October 3, PhilHealth reiterated that the cyberattack did not compromise its members’ database but affected its employees’ application servers and workstations. (ai/mnm)