The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations.
OUC is an online university based in Nicosia, Cyprus, that provides remote learning. It offers 30 higher-level education programs to 4,200 students and participates in various scientific research activities.
Last week, the university published an announcement about a cyberattack that had occurred on March 27, that resulted in several central services and critical systems going offline.
“As a precaution, access is not provided to the University’s eLearning Platform, Employment Portal, the Portal for applications of prospective students, and other critical systems that mainly concern the University community,” reads the OUC announcement.
“Where there are deadlines for the submission of assignments, extensions will be provided by the academic staff,” the university said.
Today, the Medusa ransomware group posted OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers asked for $100,000.
However, the threat group set the same price for both deleting the data as well as for selling it to an interested party. For $10,000, the hackers say they would delay publishing the data by one day.
Data samples have also been published, to prove that their claims are real. The files include student lists with personally identifiable information, financial details of research contractors, and more.
Unlike other ransomware actors, Medusa does not consider education organizations off-limits. At the beginning of March, the gang targeted the Minneapolis Public Schools district, demanding a ransom of $1 million.
