Medusa’s takeover of a Philippine government agency’s website and ransomware infection of its systems confirm there’s no silver bullet against cybercriminals’ attacks
- EDD K. USMAN | Twitter: @edd1819 | Instagram: @bluestar0910 | Facebook: SDN — Scitech and Digital News
(SDN) — Some cybersecurity vendors offering services to protect organizations from hacking have admitted, when asked by SDN — SciTech and Digital News, that there’s no silver bullet against cyberattacks.
And as shown by cybercriminals’ hacking of the Philippine Health Insurance Corp. (PhilHealth), the state health insurer for Filipinos, preventing every cyberattack is like shooting for the moon with a slingshot.
At least security vendors have admitted that much: They are powerless to do the impossible.
Then came the Medusa ransomware group, which attacked and infected the website and network system of PhilHealth on September 22. The cyber bad guys behind Medusa have demanded $300,000 from the Philippine government as ransom payment in exchange for deleting the stolen data now being peddled on the Dark Web. They will also provide the key to decrypt the data the group encrypted, said Undersecretary Jeffrey Ian Dy of the Department of Information and Communications Technology (DICT), in a Philippine Star report.
Dy said the Medusa group asked for $300,000 (around Php17 million) to settle the attack.
PhilHealth is not alone in being a victim of cybercriminals in the country.
In fact, as security vendor Sophos revealed in May 2022, per Rappler, a survey it conducted found that 69 percent of the organizations it studied in the country were hit by ransomware attacks. The same survey showed the global rate for ransomware attacks is only 66 percent.
In relation to the cyber incident, Kaspersky, a leading global cybersecurity company, said in a statement that the firm’s solutions detected the Medusa ransomware.
Here’s the company’s full statement:
Kaspersky solutions detect Medusa ransomware
Our products detect Medusa ransomware by File Threat Protection as variants of Trojan-Ransom.Win32.MedusaNg. Additionally, products with the Behavior Detection component detect even unknown variants of this malware proactively as PDM:Trojan.Win32.Generic.
With the help of our self-defense technology, our endpoint solution efficiently prevents malicious attempts to interfere with normal operation of the product.
To keep your company protected against Medusa and other modern ransomware attacks, Kaspersky experts recommend:
- Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
- Back up data regularly. Make sure you can quickly access it in an emergency when needed.
- Use the latest Threat Intelligence information to stay aware of actual tactics, techniques, and procedures (TTPs) used by threat actors.
- Use solutions like Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response service which help to identify and stop the attack in early stages, before attackers reach their final goals.
- To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business (KESB) that is powered by exploit prevention, behavior detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms which can prevent its removal by cybercriminals.

A casual check shows www.philhealth.gov.ph still cannot be accessed or opened. (/)

