The Open University of Cyprus (OUC) was the target of a cyberattack by the Medusa ransomware group that severely disrupted the organization’s activities. OUC is an online educational institution with a base in Nicosia, Cyprus. With 4,200 students, it provides 30 higher education programs and engages in various scientific research endeavors. The institution released a statement last week regarding a cyberattack that happened on March 27 that had caused many vital services and crucial infrastructure to go offline.
“As a precaution, access is not provided to the University’s eLearning Platform, Employment Portal, the Portal for applications of prospective students, and other critical systems that mainly concern the University community,” reads the OUC announcement. “Where there are deadlines for the submission of assignments, extensions will be provided by the academic staff,” said the university.
The institute has 14 days to reply to the Medusa ransomware group’s demands after OUC was recently placed on its data breach site. Hackers demanded $100,000 in exchange. However, the threat group established the same price for selling the data to a potential buyer as well as for erasing it. The hackers claim they would put off exposing the data by one day in exchange for $10,000.
Data samples have also been released to support their arguments. The files contain information on research contractors’ finances, lists of students with personally identifiable information, and more. Education-related companies are not off-limits to Medusa, in contrast to other ransomware perpetrators. The Minneapolis Public Schools district was the focus of the gang’s attack at the beginning of March, which included a $1 million ransom demand.
Since the start of 2023, the small island nation in the eastern Mediterranean has had many serious cyberattacks, the most significant of which occurred on March 8 when a devastating attack was launched on the national land registry’s online portal. The assault pushed the state organization into a lengthy outage that could only be repaired by establishing a new portal at a different location, set up with restricted functionality more than two weeks later. The attack froze registrations worth €150 million and caused it to freeze transactions.
According to the reports from local media, the University of Cyprus and the Ministry of Defense were both targeted by the same hackers, but both organizations were able to stop the breaches by spotting them early and isolating the affected systems.