The Medusa ransomware hacker gang has claimed responsibility for the cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions to the organization’s operations.

Last week, the University made an announcement about a cyberattack that had occurred on March 27 which caused several central services and critical systems to go offline.

As a precaution, access is not provided to the University’s eLearning Platform, Employment Portal, the Portal for applications of prospective students, and other important services that mainly concern the University community, states the OUC announcement.

The day before yesterday, the said hacker gang posted OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers asked for $100,000, according to the bleeping computer site.

However, the gang set the same price for both deleting the data as well as for selling it to an interested party. For $10,000, the hackers say they would delay publishing the data by one day.

Data samples have also been published, to prove that their claims are real. The files include student lists with personal information, financial details of research contractors, and more.

Unlike other ransomware actors, Medusa does not consider education organizations off-limits. At the beginning of March, the gang targeted the Minneapolis Public Schools district, demanding a ransom of $1 million.

Also read: Open University of Cyprus | Serious cyberattack incident

Cyprus under “cyber-pressure”

Specifically, Cyprus has suffered from a series of high-impact cyber incidents since the beginning of 2023, the most notable being a catastrophic attack against the online portal of the national land registry on March 8.

The attack froze registrations worth €150 million and forced the state organization to an extended outage which could only be resolved by building a new portal, set up with limited functionality more than two weeks later.

Local media also reported that the same hackers attempted to breach the University of Cyprus and the Ministry of Defence, but both entities managed to block the attacks by detecting them early and isolating the impacted systems.

Also read: Cyprus | Barrage of cyberattacks – The Department of Lands & Surveys takes turn after the University of Cyprus