Open University of Cyprus falls victim to Medusa ransomware attack

The Open University of Cyprus (OUC) has been hit by a cyberattack carried out by the Medusa ransomware gang, causing significant disruptions to the university’s operations. The online university, based in Nicosia, Cyprus, offers remote learning opportunities and provides 30 higher-level education programs to 4,200 students, as well as participating in various scientific research activities.

Last week, the university announced that a cyberattack had occurred on March 27, resulting in several central services and critical systems going offline. As a precaution, the university has denied access to the eLearning platform, employment portal, the portal for applications of prospective students, and other critical systems that mainly affect the university community, according to the OUC announcement. The university has stated that academic staff will provide extensions for deadlines for submission of assignments.

Today, the Medusa ransomware group posted OUC on its data leak site, demanding a $100,000 ransom from the institute. The hackers have given the university 14 days to respond to their ransom demands. However, the threat group has set the same price for both deleting the data and selling it to an interested party. For $10,000, the hackers have stated that they would delay publishing the data by one day. Data samples have also been published to prove that their claims are genuine. The files include student lists with personally identifiable information, financial details of research contractors, and more.

Unlike other ransomware actors, Medusa does not consider educational organizations off-limits. The gang targeted the Minneapolis Public Schools district at the beginning of March, demanding a $1 million ransom.

Since the beginning of 2023, Cyprus has suffered from a series of high-impact cyber incidents, with the most significant being a catastrophic attack against the online portal of the national land registry on March 8. The attack froze registrations worth €150 million and forced the state organization into an extended outage, which could only be resolved by building a new portal at a different address, set up with limited functionality more than two weeks later. Local media has also reported that the same hackers attempted to breach the University of Cyprus and the Ministry of Defense, but both entities managed to block the intrusions by detecting them early and isolating the impacted systems.

For more information on the profile of Medusa ransomware, please refer to our detailed analysis of the threat actor, which covers techniques, tactics, and procedures (TTPs).

Cyprus under “cyber-pressure”

The small island country in the eastern Mediterranean is under pressure from a series of high-impact cyber incidents, with the most significant being the catastrophic attack against the national land registry.

H/T: Brett Callow