Police wary Medusa hackers may strike again

1 min read

Authorities are concerned over an eerie silence from the notorious Medusa ransomware gang who, after a cyberattack on the Open University, demanded $100,000 not to publish stolen data.

The ransomware group leaked encrypted folders with sensitive data after the institution refused to pay the ransom.

So far, the hackers have published the names of the folders they accessed during the attack this month, making authorities feel uneasy.

In comments to Phileleftheros daily, deputy head of the police’s Electronic Crime Division, Andreas Anastasiades, said the force and the Open University are worried that hackers may return with new demands or make data widely available.

According to Anastasiades, authorities are on the alert for a possible new attack on another state institution.

Victims’ information is currently stored online on the dark web in encrypted form, while those wishing to decrypt the files cannot do so without help from Medusa.

The names of electronic folders that were stored in the computer systems of the Open University of Cyprus were made public on the dark web.

Anastasiades said it is currently unclear whether Medusa has the files stored in the folders.

However, it is believed that the gang have accessed the content of the folders.

“These files were not accessible, so no one knows what they contain.

“This means that we cannot be absolutely sure they have all this data in their possession, but what is certain is that they had access up to the University’s electronic archive.”

Students and staff have been busy changing their online banking passwords and University codes in case the ransomware group makes good on its threat to make the data available to identity thieves.

Commissioner for personal data protection, Irene Loizidou-Nikolaidou, expects an official update from the university on what sort of data has been compromised.

Cyprus has suffered from a series of high-impact cyber incidents since the beginning of 2023, the most notable being a paralysing attack against the online portal of the land registry on March 8.

Three months earlier, hackers targeted the emails of members of the Cyprus University of Technology (TEPAK).

After gaining access to the accounts, the hackers managed to trick officials by giving instructions to pay a ‘significant amount,’ pretending to be a European Union agency.

Last month, a similar attack on the state-funded University of Cyprus saw servers shut down to prevent malicious access.