The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization’s operations.
OUC is an online university based in Nicosia, Cyprus, that provides remote learning. It offers 30 higher-level education programs to 4,200 students and participates in various scientific research activities.
Last week, the university published an announcement about a cyberattack that had occurred on March 27, that resulted in several central services and critical systems going offline.
“As a precaution, access is not provided to the University’s eLearning Platform, Employment Portal, the Portal for applications of prospective students, and other critical systems that mainly concern the University community,” reads the OUC announcement.
“Where there are deadlines for the submission of assignments, extensions will be provided by the academic staff,” the university said.
Today, the Medusa ransomware group posted OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers asked for $100,000.
However, the threat group set the same price for both deleting the data as well as for selling it to an interested party. For $10,000, the hackers say they would delay publishing the data by one day.
Data samples have also been published, to prove that their claims are real. The files include student lists with personally identifiable information, financial details of research contractors, and more.
Unlike other ransomware actors, Medusa does not consider education organizations off-limits. At the beginning of March, the gang targeted the Minneapolis Public Schools district, demanding a ransom of $1 million.
For more details on the profile of Medusa ransomware, check out our detailed analysis of the threat actor, which covers techniques, tactics, and procedures (TTPs).
Cyprus under “cyber-pressure”
The small island country in the eastern Mediterranean has suffered from a series of high-impact cyber incidents since the beginning of 2023, the most notable being a catastrophic attack against the online portal of the national land registry on March 8.
The attack froze registrations worth €150 million and forced the state organization to an extended outage which could only be resolved by building a new portal at a different address, set up with limited functionality more than two weeks later.
Local media also reported that the same hackers attempted to breach the University of Cyprus and also the Ministry of Defense, but both entities managed to block the intrusions by detecting them early and isolating the impacted systems.
H/T: Brett Callow