PhilHealth hackers demand $300,000 – DICT

MANILA, Philippines — After the Medusa ransomware infected the systems of state health insurer Philippine Health Insurance Corp. (PhilHealth) on Sept. 22, cyberhackers have demanded $300,000 or approximately P16 million, according to the Department of Information and Communications Technology (DICT).

“They have already made a demand for $300,000 for them to do two things: One is to delete the data that they captured, and two, is so they would give us the key so we can decrypt the data that they encrypted,” DICT Undersecretary Jeffrey Ian Dy told The STAR yesterday.

The stolen data from PhilHealth has been posted on the dark web, he added.

The National Computer Emergency Response Team of the DICT Cybersecurity Bureau has been mobilized to probe the cyberhackers, Dy noted.

“Observed recently since June 2021, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol servers either through brute force attacks, phishing campaigns or by exploiting existing vulnerabilities,” Dy said in an advisory.

“When executed, the Medusa ransomware terminates more than 280 Windows services and processes for programs that could prevent file encryption,” he added.

Dy noted that they have taken containment measures and PhilHealth’s system should return today.

PhilHealth president Emmanuel Ledesma Jr. said that no personal or medical information has been compromised or leaked.