DICT says PhilHealth hackers want USD 300,000 (around PHP 17 million)

DICT says hackers have one condition before they return access to data they captured.

Photo from PhilHealth FB page

Hackers demand millions of pesos

According to a report by Philstar, DICT Undersecretary Jeffrey Ian Dy said cyber hackers that attacked the system of PhilHealth on September 22 have demanded ransom worth USD 300,000 or around PHP 17 million.

They have already made a demand for $300,000 for them to do two things: One is to delete the data that they captured, and two, is so they would give us the key so we can decrypt the data that they encrypted, Dy said.

To recall, PhilHealth's system was attacked last week by Medusa ransomware. It is a type of malware that encrypts the victims' data and then requests a ransom in exchange for the decryption key.

Observed recently since June 2021, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol servers either through brute force attacks, phishing campaigns or by exploiting existing vulnerabilities, Dy explained in an advisory.

When executed, the Medusa ransomware terminates more than 280 Windows services and processes for programs that could prevent file encryption, he added.

Dy said the stolen data had been posted on the dark web. But PhilHealth has noted that no personal or medical information was compromised or leaked.

PhilHealth said containment measures are already being implemented as authorities investigate the incident.

The DICT also said the National Computer Emergency Response Team was tapped to look into the attackers.

ICYMI: DICT says hackers started exposing stolen PhilHealth data on dark web

What do you think about this?

Via: PhilStar