Cyberhackers demanded $300,000, or approximately PHP 16 million, after the Medusa ransomware infiltrated the systems of the Philippine Health Insurance Corp. (PhilHealth), according to the Department of Information and Communications Technology (DICT).
According to DICT Undersecretary Jeffrey Ian Dy, the hackers have already made a demand of $300,000 for them to do two things: one, delete the data they have captured, and two, they would give us [PhilHealth] the key so we can decrypt the data they have encrypted.
Since June 2021, there has been a noticeable increase in the distribution of the Medusa ransomware. Breaches involving it are typically achieved through brute-force attacks, phishing campaigns, or the exploitation of pre-existing vulnerabilities, alone or in combination.
“The Medusa ransomware terminates more than 280 Windows services and processes that could prevent file encryption.”
Despite being under cyberattack since September 22, 2023, PhilHealth has assured its members that they can still avail of benefits from accredited health-care facilities.
Dy also added that the National Computer Emergency Response Team of the DICT Cybersecurity Bureau has been mobilized to handle the cyberhackers.
PhilHealth president Emmanuel Ledesma Jr. stated that no personal or medical information has been compromised or leaked.
To prevent further cyberattacks, especially those involving ransomware like Medusa, DICT has issued guidelines for government offices. These measures include:
- Regular Backups: Ensure all digital assets, including files, systems, and processes, are regularly backed up.
- Software Compliance: Prohibit the use of illegal or unlicensed software, particularly software downloaded from the internet.
- Access Management Review: Review and enhance access management policies, including the use of government-issued computers.
- Data Recovery Plan: Develop and implement a data recovery plan that involves storing multiple copies of sensitive data in secure locations.
Additionally, the Philippine National Police-Anti-Cybercrime Group (PNP-ACG) has offered guidance to the public to protect against cyberattacks. PCPT. Michelle Sabino, spokesperson for PNP-ACG, stressed the importance of:
- Antivirus Software: Installing and keeping antivirus software up to date.
- Employee Training: Providing training to government employees on email security, domain name system (DNS), and web filtering services.
- Download Caution: Exercising caution when downloading applications.
In light of these recent developments, it is crucial for organizations and individuals to remain vigilant and take proactive measures to protect their digital assets and sensitive information from potential cyber threats.