
Case Study

The PhilHealth organization in the Philippines fell victim to the Medusa ransomware attack, with hackers encrypting data and demanding $300,000 to unlock it. Medusa ransomware targets organizations that store large amounts of personal information. Hackers initially accessed PhilHealth's systems through RDP brute force or stolen credentials. PhilHealth stated systems were disabled as a security measure and they are working to restore services while implementing additional security measures, though no personal or medical data was compromised. The regional vice president of PhilHealth issued a warning about the system downtime and efforts to resolve the issue.
  • Case Description: Details the ransomware attack on PhilHealth, including the breach impact and operational compromise.
  • Documentation Report: Outlines the management's response to the breach, including memo distribution and service status.
  • Introduction: Presents background information on Medusa, linking it to cyberthreats and the case in PhilHealth.

Medusa Ransomware Attack in PhilHealth

Members

Date

Name of instructor

School
Table of Contents
Introduction:

Medusa is the name of a Gorgon from Greek mythology, renowned for turning anyone who met her gaze to stone. Her name has since been given to a cyberattack in which hackers stole and encrypted a sizable amount of PhilHealth data and demanded a ransom for the decryption key. PhilHealth is one of the major organizations to have been compromised. A group of cybercriminals has threatened to reveal information about stakeholders' identities, including name, address, birthday, sex, phone number, and identification number.

The Medusa ransomware, also known as MedusaLocker, was first discovered in 2019 and operates under the ransomware-as-a-service (RaaS) business model. It primarily targets organizations that process large amounts of personally identifiable information (PII), such as those in the healthcare and education sectors. In a double-extortion scheme, Medusa affiliates frequently exfiltrate the victim's data before encrypting it; if the victim does not pay the ransom, the data may be sold or made public. Attackers generally gain initial access through Remote Desktop Protocol (RDP) brute-force attacks, user credentials stolen in spear-phishing campaigns, or leaked RDP credentials.
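As an added illustration (not part of the original case study), the following Python flags the RDP brute-force pattern described above in a handful of constructed Windows Security event lines: a burst of failed logons (event 4625, logon type 10 = RemoteInteractive/RDP) from one source followed by a successful logon (event 4624). The event IDs and logon type are real Windows values; the log format, IP addresses and account names are made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp|event_id|logon_type|source_ip|account
SAMPLE_LOG = """\
2023-09-21T01:00:05|4625|10|203.0.113.7|admin
2023-09-21T01:00:06|4625|10|203.0.113.7|administrator
2023-09-21T01:00:08|4625|10|203.0.113.7|helpdesk
2023-09-21T01:00:09|4625|10|203.0.113.7|backup
2023-09-21T01:00:11|4625|10|203.0.113.7|itadmin
2023-09-21T01:00:12|4625|10|203.0.113.7|svc_backup
2023-09-21T01:00:14|4624|10|203.0.113.7|svc_backup
2023-09-21T01:03:00|4625|10|10.0.0.5|jdoe
2023-09-21T01:03:20|4624|10|10.0.0.5|jdoe
"""


def parse(lines):
    """Parse the constructed pipe-separated format into tuples."""
    events = []
    for line in lines.strip().splitlines():
        ts, eid, ltype, ip, acct = line.split("|")
        events.append((datetime.fromisoformat(ts), int(eid), int(ltype), ip, acct))
    return events


def find_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failed": n, "success_after": account_or_None}} for
    every source that reaches `threshold` RDP failures inside a sliding `window`.
    A later RDP success from a flagged source is recorded as the compromised account."""
    events = sorted(parse(lines))  # chronological order
    failures = defaultdict(list)   # source_ip -> timestamps of recent failures
    alerts = {}
    for ts, eid, ltype, ip, acct in events:
        if ltype != 10:            # only RDP (RemoteInteractive) logons
            continue
        if eid == 4625:            # failed logon
            failures[ip].append(ts)
            failures[ip] = [t for t in failures[ip] if ts - t <= window]
            if len(failures[ip]) >= threshold:
                alerts.setdefault(ip, {"failed": 0, "success_after": None})
                alerts[ip]["failed"] = max(alerts[ip]["failed"], len(failures[ip]))
        elif eid == 4624 and ip in alerts:  # success after a flagged burst
            alerts[ip]["success_after"] = acct
    return alerts


if __name__ == "__main__":
    print(find_rdp_bruteforce(SAMPLE_LOG))
```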

Case description:

The Medusa attack on PhilHealth was revealed by a dark web leak. According to the informant's tip, a PhilHealth document was stolen and made available on a public marketplace platform. The Medusa ransomware attack was one of the most recent hacking incidents in the agency's history. According to the article, PhilHealth officials had a very low opinion of the hacker.

Discussion:

The Medusa ransomware infected the Philippine Health Insurance Corp. (PhilHealth) over the weekend, and the hackers demanded a $300,000 ransom for the stolen data. PhilHealth said over the weekend that it was attempting to restore its systems by Monday, September 25, 2023. As part of security containment measures, the agency's systems, including its website, the Health Care Institution (HCI) and member portals, and e-claims, were disabled or disconnected. In a message published on its official Facebook page, PhilHealth stated that "affected systems shall be restored as soon as practically possible after the completion of the necessary configuration and reinforcement of existing information security measures." "PhilHealth's management assures the public that the incident is under control and that no personnel information or medical information has been compromised or leaked," the statement continued.

Documentation report:
Because this information is extremely sensitive, the managers of the PhilHealth Baler, Aurora base declined to provide it. However, management authorized the distribution of Memorandum No. 2023–12 from the PhilHealth Regional Office. Regional Vice President DATU MASIDING M. ALONTO, JR. issued the following warning on September 22: "We regret to advise our stakeholders that we are now experiencing statewide system downtime that will momentarily disrupt our services. Our services won't be accessible for a while. We recognize how valuable our services are and are sorry for any trouble this downtime may have caused. Our team is dedicated to reducing the inconvenience, and we will keep you informed on the status of the downtime via our official communication channels."
