The Department of Information and Communications Technology (DICT) said that the hackers who attacked the Philippine Health Insurance Corp. system are demanding money before they release the data and allow the government to decrypt it.
In an interview with the Philippine Star, DICT Undersecretary Jeffrey Dy said the hackers have demanded $300,000, or approximately P16 million, after the Medusa ransomware infected the state insurer’s system.
“They have already made a demand for $300,000 for them to do two things: One is to delete the data that they captured, and two, is so they would give us the key so we can decrypt the data that they encrypted,” Dy said on Sunday.
The data stolen from Philhealth has been posted on the dark web, according to the DICT official.
“Observed recently since June 2021, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol servers either through brute force attacks, phishing campaigns or by exploiting existing vulnerabilities,” Dy said in an advisory.
“When executed, the Medusa ransomware terminates more than 280 Windows services and processes for programs that could prevent file encryption,” he added.
Philhealth said that no personal or medical information has been compromised or leaked.
The DICT added that containment measures have been put in place should Philhealth return to its system.