No wonder the website is not working – well, 17 million for encrypted data is not bad?
Hackers are demanding millions of pesos as ransom. According to a Philstar report, Jeffrey Ian Dy, Undersecretary of DICT, revealed that the cyber attackers who targeted PhilHealth’s system on September 22 have requested a ransom of $300,000, which is equivalent to around PHP 17 million.
Dy explained that the hackers have made two demands: first, they want the data they captured to be deleted, and second, they are asking for the decryption key so that the encrypted data can be restored.
To provide some context, PhilHealth’s system was compromised by the Medusa ransomware last week. This type of malware encrypts a victim’s data and then demands a ransom in exchange for the decryption key.
Dy pointed out that the Medusa ransomware has been observed since June 2021 and is typically spread by exploiting publicly exposed Remote Desktop Protocol servers. This exploitation can occur through methods such as brute force attacks, phishing campaigns, or taking advantage of existing vulnerabilities.
He further explained that when the Medusa ransomware is activated, it terminates over 280 Windows services and processes to prevent interference with file encryption.
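A shutdown of that many services in a short span is itself a detectable signal. The following is an added example, not part of the original report: a sliding-window check that flags any host where many distinct services stop within a minute, based on Service Control Manager event 7036 ("The ... service entered the stopped state."). The simplified log layout, host names, service names, 60-second window and threshold of 20 are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Service Control Manager event 7036 text for a service that has stopped.
STOPPED = re.compile(r"^(\S+) (\S+) 7036 The (.+) service entered the stopped state\.$")
FMT = "%Y-%m-%dT%H:%M:%SZ"

def find_service_stop_bursts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {host: (alert_time, distinct_count)} for hosts where at least
    `threshold` distinct services stopped within `window`. Lines must be in
    time order per host. Window and threshold are assumed, tunable values."""
    recent = defaultdict(deque)  # host -> (time, service) pairs inside the window
    alerts = {}
    for line in lines:
        m = STOPPED.match(line.strip())
        if not m:
            continue  # other event IDs, "running" transitions, malformed lines
        ts, host, service = datetime.strptime(m.group(1), FMT), m.group(2), m.group(3)
        q = recent[host]
        q.append((ts, service))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({s for _, s in q})
        # Count distinct names so one flapping service does not trigger the alert.
        if distinct >= threshold and host not in alerts:
            alerts[host] = (ts, distinct)
    return alerts

def constructed_sample():
    """Constructed log lines in a simplified 'time host event-id message' layout."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)
    def line(host, offset, name, state="stopped"):
        stamp = (t0 + timedelta(seconds=offset)).strftime(FMT)
        return f"{stamp} {host} 7036 The {name} service entered the {state} state."
    lines = [line("WS-01", 0, "Print Spooler"),            # routine restart
             line("WS-01", 5, "Print Spooler", "running"),
             line("WS-01", 3600, "Windows Update")]
    lines += [line("WS-03", i, "ExampleAgent") for i in range(25)]      # one service flapping
    lines += [line("SRV-02", i, f"ExampleSvc{i:02d}") for i in range(30)]  # burst of 30 services
    return lines

if __name__ == "__main__":
    for host, (when, count) in find_service_stop_bursts(constructed_sample()).items():
        print(f"ALERT {host}: {count} distinct services stopped within 60s by {when}")
```

Patch windows and planned shutdowns also stop many services at once, so the threshold needs tuning against a baseline of normal activity for each host role.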
However, PhilHealth has given assurances that no personal or medical information was compromised or leaked in this incident. It is actively implementing measures to contain the situation while authorities conduct their investigation.
The DICT has also engaged the National Computer Emergency Response Team to investigate the identity and motives of the attackers.