DICT vows not to pay ransom after PhilHealth hacking


At a glance

  • The Medusa ransomware group demanded USD$300,000 from the government and threatened to expose the data online if PhilHealth refused to pay.

  • DICT Undersecretary Jeffrey Dy confirmed that the compromised data is now on the dark web.

  • Dy also said that despite their understanding of how the culprits operate, they are unable to file charges against them for now.


The Department of Information and Communications Technology (DICT) said the government will not pay any ransom, in light of the hacking incident that targeted the Philippine Health Insurance Corporation (PhilHealth).

READ: https://mb.com.ph/2023/9/22/phil-health-paralyzed-by-medusa-ransomware-attack

"It's the policy of the government not to pay any ransom for any type of criminal activity, including cyber-attacks," DICT Undersecretary Jeffrey Dy said in an interview with CNN on Sept. 26.

"So, which is the position of the government not to pay this one," he emphasized.

Based on reports, the Medusa ransomware group demanded USD$300,000 from the government and threatened to expose the data online if PhilHealth refused to pay.

READ: https://mb.com.ph/2023/9/23/phil-health-under-siege-medusa-group-demands-us-300-000-threatens-to-leak-data

Now on 'dark' web

Meanwhile, Dy confirmed that the compromised data is now on the dark web—a part of the world wide web that can only be accessed using special software.

"Yes, correct, it is now on the dark web," he said.

"In fact, similar to any ransom demand, they already posted some leaks to prove that they are the hackers number one, and they indeed have the data," he added.

However, the DICT undersecretary emphasized that the agency treats the issue with utmost seriousness. This is because the hackers not only gained access to documents but also compromised the personally identifiable information of PhilHealth employees, along with some internal memos that were supposed to be treated confidentially.

Suspects still unidentified

Dy also said that despite their understanding of how the culprits operate, they are unable to file charges against them for now.

"Do we know the group? Yes. Do we know the APT (Advanced Persistent Threat), the modus operandi? Do we have an international network that says where they operate? Yes. Is that enough to file charges against certain people? Not yet," he said.

"We don't even know the real identity behind the group," he added.

Even though the government has gathered evidence through forensics conducted within PhilHealth, with assistance from the Cybercrime Investigation Coordination Center, they cannot press charges against the suspects because the individuals behind the hacking have remained anonymous.