Open University says working with cybercrime unit on data dump

The Open University of Cyprus said on Friday it was continuing to cooperate with authorities on the hack of its database, even after a first tranche of files were made public, which authorities said could be part of two of the hackers’ tactic to elicit money.

According to the deputy chief of the cybercrime unit, Yiorgos Karkas, the hackers published a first bunch of the files, but might be saving the second batch and the contents of the files to use in a second ransom attempt.

Karkas told CyBC: “They published the folders, but it is unclear what the contents of the folders are.”

He called on people concerned about the disclosure of their personal data, to change their passwords or to add additional security measures to their accounts.

On Thursday, the hackers from a group calling themselves ‘Medusa’ made good on their threat to release a trove of personal data – potentially terabytes of it – grabbed from the Open University of Cyprus, after a deadline for payment of ransom elapsed.

The group of hackers had demanded €100,000 – to be paid in cryptocurrency – from the university in return for not releasing the data.

The university had announced the hack in late March.

The hackers had set a deadline of April 20 to comply, otherwise they’d dump the data on the dark web.

In a statement on Friday after the deadline, the university said that the cyberattack resulted in several services and critical systems going offline and a precautionary measure.

“Yet, (sensitive) personal data relating to members of the academic community have been leaked,” the university said.

The academic institution added that they are in constant communication and cooperate effectively with the cybercrime unit of the police to undertake the relevant investigations, and with the Commissioner for Personal Data Protection.

“At the same time, the university, together with a number of external partners, are working closely to restore all disrupted operations by taking additional technical and organisational measures to mitigate all risks and repair all vulnerabilities,” the statement said.

‘Medusa’ had published a page on the ‘dark web’ featuring a countdown timer and the ransom amount.

According to IT forensics expert Dino Pastos, early on Thursday the ransom page went offline for a while. But after checking again just before 2pm, Pastos discovered the page was back up again.

The countdown timer was gone. In its place the hackers placed a download button for the files.

Asked whether this might be a hoax, Pastos had said that the hackers were not bluffing.

He explained that, earlier, the hackers had given samples of files they had illegally obtained from the university.

Pastos also said that the leaked data could contain passwords, files, photos, medical certificates, and emails, among other personal information.

He also cautioned that individuals whose personal information has been leaked may become targets of hacking attacks on social media and other websites where they have used the same passwords.