The Open University of Cyprus (OUC) has been hit by a cyberattack by the Medusa ransomware group, causing severe disruptions to the institution’s operations.
OUC is an online university that offers higher-level education programs to 4,200 students and participates in various scientific research activities. The attack resulted in central services and critical systems going offline, leading to the university announcing that it was providing extensions to students where there were deadlines for the submission of assignments.
Furthermore, the Medusa ransomware group has given the university 14 days to respond to its ransom demands, asking for $100,000. However, the hackers have set the same price for deleting the data as well as selling it to an interested party. The hackers claim that they will delay publishing the data by one day for $10,000.
Data samples have also been published to prove their claims, including personally identifiable information and financial details of research contractors.
At the same time, the attack on OUC is part of a series of high-impact cyber incidents in Cyprus since the beginning of 2023, including a catastrophic attack against the online portal of the national land registry on March 8. The attack froze registrations worth €150 million and forced the state organization to an extended outage that could only be resolved by building a new portal at a different address.
The same hackers reportedly attempted to breach the University of Cyprus and the Ministry of Defense, but both entities managed to block the intrusions by detecting them early and isolating the impacted systems.
Additionally, the Medusa ransomware group has shown that it does not consider educational organizations off-limits and has targeted the Minneapolis Public Schools district, demanding a ransom of $1 million.
Organizations need to take proactive measures to protect their critical systems and data, including implementing robust cybersecurity protocols, conducting regular backups, and training employees on cybersecurity best practices.
