In Greek Mythology, Medusa was the notorious creature with snakes for hair and the ability to turn anyone who gazed upon her to stone. Her story is often used to symbolize that beauty can sometimes be deceptive.
Medusa is gaining notoriety again after an international criminal-hacking syndicate named their group and ransomware payload after the Greek character. The criminal group unleashed Medusa and hit global targets, including the country's health insurance agency — PhilHealth. According to the DICT, the group is demanding P300,000 and has threatened to release the sensitive data online if ransom is not paid.
This high-profile attack underscores the seriousness of the threat. There's no way to measure the extent of this cyber pandemic, as ransomware victims would instead remain quiet. I have encountered smaller companies where HR managers pay a ransom of $300 after being victimized by ransomware through phishing emails. Some groups settle for small change, while some attackers go big time, like the Medusa group.
Faced with a ransomware attack, whether or not to pay the ransom is a critical decision that organizations and individuals must carefully consider. I am sure this option is entertained by all victims the moment they get hit, including PhilHealth. Who wouldn't?
While paying the ransom may seem like a quick solution, it is not guaranteed that you will receive a decryption key, or that your data will be fully restored.
What happens if you don't pay the ransom? Potentially, this could lead to data loss as, in most cases, ransomware encrypts your files and makes them inaccessible. If you do not pay the ransom and do not have a backup of your data, you may lose access to essential files and information. This situation can be especially problematic for businesses and individuals that rely on critical data for their operations.
In some jurisdictions, paying a ransom to cybercriminals is outright illegal. Additionally, organizations may face regulatory penalties and legal liabilities for data breaches resulting from ransomware attacks.
Our authorities are correct not to pay ransom. Even assuming PhilHealth could afford it.
While paying the ransom may seem like a quick solution, it is not guaranteed that you will receive a decryption key, or that your data will be fully restored.
Paying ransom only encourages and financially supports criminal activities. It perpetuates the ransomware ecosystem and incentivizes attackers to continue their malicious actions.
However, whether you pay or not, the impact can be felt in other aspects, not only financially. The PhilHealth attack showed that there are other pains associated with a cyberattack.
As reported, the PhilHealth incident led to significant downtime as they worked to recover their systems and data. Depending on the extent of the attack and the effectiveness of their backups, downtimes can range from hours to weeks or longer.
A publicized ransomware incident also damages the reputation of an organization. You can lose clients, customers, and partners who may lose trust in your ability to protect their data.
The complete picture of the extent of this attack has yet to be discovered. PhilHealth still has much explaining to do when it submits its breach notification to the National Privacy Commission. Aftershocks would be felt in the post-ransomware scenario, and PhilHealth is not out of the woods yet.