Hackers release stolen Open University of Cyprus data on dark web

Hackers on Thursday made good on their threat to release a trove of personal data – potentially terabytes of it – grabbed from the Open University of Cyprus, after a deadline for payment of ransom elapsed.

The group of hackers, calling themselves ‘Medusa’, had demanded €100,000 – to be paid in cryptocurrency – from the university in return for not releasing the data.

The university had announced the hack in late March.

The hackers had set a deadline of April 20 for the university to comply, otherwise they’d dump the data on the ‘dark web’.

They had published a page on the ‘dark web’ featuring a countdown timer and the ransom amount.

According to IT forensics expert Dino Pastos, early on Thursday the ransom page went offline for a while. But after checking again just before 2pm, Pastos discovered the page was back up again.

The countdown timer was gone. In its place the hackers placed a download button for the files.

Asked whether this might be a hoax, Pastos told the Cyprus Mail the hackers were not bluffing.

He explained that, earlier, the hackers had given samples of files they had illegally obtained from the university.

From those samples, Pastos guesses that the full dump may consist of tens of gigabytes – “maybe even terabytes” – of data.

Given the sheer size of the files, it could take someone several days to download the entire dump.

“So the effects of this will become apparent, and gradually, in the coming days.”

The IT expert said the hackers had managed to access the university’s entire electronic infrastructure.

“They got into the file server, the mail server, personal files, contacts – the whole shebang. This is huge.”

Earlier, Pastos told another media outlet that the leaked data could contain passwords, files, photos, medical certificates, and emails, among other personal information.

He also cautioned that individuals whose personal information has been leaked may become targets of hacking attacks on social media and other websites where they have used the same passwords.

The full implications of the leak would only become apparent when it is clear exactly what information was intercepted by the hackers. Once the data is stolen and leaked, it is difficult to remove it from the ‘dark web’.

The ‘dark web’ is a part of the internet that offers anonymity and is only accessible with specialised software like ‘Tor’. The software does not work with the usual .com addresses.

In a statement later in the day, the Disy party called the data release “a particularly unfortunate development.”

The party said the hack highlights “the need, as a country, for us to act on all levels without any delay.

“We expect the government and the relevant agencies to handle this as swiftly as possible, and we are ready to help in any way within parliament in the drive to protect our country’s core infrastructures.”

Initially, when news of the hack broke, the university denied that any requests for money were made.

Earlier in March, the website of the Department of Lands and Surveys went offline after it was hacked.