DavaoPlus

Tuesday, 26 September 2023

[New post] After Philhealth cyber attack: DICT, PNP-ACG recommend steps to prevent randomware

Site logo image Planet Philippines (Full Attribution Below) posted: " PhilHealth station addressing the financial needs of citizens in the public health system in this photo from PhilHealth's website. (Photo from Philippine Health Insurance Corporation's website) Government agencies should start implementing measures to pr" Planet Philippines UK

After Philhealth cyber attack: DICT, PNP-ACG recommend steps to prevent randomware

Planet Philippines (Full Attribution Below)

Sep 26

PhilHealth station addressing the financial needs of citizens in the public health system in this photo from PhilHealth's website. (Photo from Philippine Health Insurance Corporation's website)

Government agencies should start implementing measures to prevent ransomware groups from accessing them, says the Department of Information and Communications Technology (DICT).

This statement came after the Philippine Health Insurance Corporation (PhilHealth) was hacked by the Medusa ransomware group last Friday, September 22. They demanded $300,000 (P17,063,850) in ransom money for the stolen data.

PhilHealth disabled access to all its systems, including the website, the member portal, the health care institution (HCI) portal and the e-claims platform.

In an update on September 23, PhilHealth assured its members that their personal and medical information were not compromised and leaked.

The state insurer shall continue its operations manually while working on restoring affected systems in the meantime.

Actions, steps to take

Ransomware is a type of malware wherein an attacker locks or encrypts data from a victim's device to be ransomed for a considerable amount of money.

RELATED: Rundown: Ransomwares detected in the Philippines, other SEA countries 

In an advisory, the DICT shared a sample ransom note that perpetrators behind the spread of ransomware create for their victims.

"The ransom note instructs the victims to contact the attackers via a TOR chat or a TOX ID," the department said.

Screenshot of a ransom note from people behind Medusa ransomware (DICT)

The DICT thus asked government agencies and the public to take action once their systems get compromised by Medusa ransomware.

Some of the recommendations in the advisory are:

Backing up files, systems, processes, and other digital assetsProhibiting the use of illegal software and unlicensed programs, especially those downloaded from the internet, in all government officesReviewing the access management policies of the organization, including the use of computers not issued by the governmentImplementing a recovery plan to properly store multiple copies of sensitive or proprietary data in different secure locations

Below are the rest of DICT's recommended actions in case of any cybersecurity attack such as the Medusa ransomware incident.

DICT also recalled that the Medusa ransomware has been observed since June 2021.

The agency explained that individuals distribute Medusa ransomware by "exploiting publicly exposed Remote Desktop Protocol (RDP) servers either through brute force attacks, phishing campaigns or by exploiting existing vulnerabilities."

From emails, websites, apps 

In a video posted on September 25, the Philippine National Police-Anti-Cybercrime Group (PNP-ACG) said that employees may unintentionally give access to ransomware if they go to suspicious websites or click sketchy email attachments.

"Nakakapasok to kunwari na-click ng employees natin o na-click natin ang mga attachments sa email o mga infected websites na napasok or meron din vulnerabilities sa ating software," PNP-ACG spokesperson PCPT. Michelle Sabino said.

Sabino shared the step-by-step infiltration process in a ransomware incident:

Files and other types of data stored in an infected device get encrypted or locked.Owners or administrators thus lose access to their files.Scammers will give instructions to their victims on how their data can be unlocked.They will also ask for money as ransom for a decryption key to their files.

"So, ineencrypt tapos pag nagbayad na kayo, ibibigay nila yung decryption key," Sabino said.

She advised the public to install anti-virus software and keep it up to date.

"Ito yung magdedetect, sila yung pag nakita o merong attempt, ibo-block na nila. Pag nakita na nila na parang ransomware to, bago pa ma-infect yung system niyo, nadedetect na nila," she said.

The PNP-ACG spokesperson also emphasized the need to train employees on email security measures, domain name system (DNS) and web filtering services.

"Kailangan i-train ang employees to be cautious about opening emails. Usually, ang ransomware nanggagaling sa emails," Sabino said.

"Gumamit tayo ng DNS and web filtering services na makakatulong sa pag block ng mga connections lalo na pag meron silang nakitang malicious websites," she also suggested.

Moreover, Sabino also cautioned the public from downloading applications online.

"Para ma-prevent din na nagdodownload tayo ng mga app na mga pinapadala satin na di natin alam ransomware pala," she said.

Comment

Unsubscribe to no longer receive posts from Planet Philippines UK.
Change your email settings at manage subscriptions.

Trouble clicking? Copy and paste this URL into your browser:
https://www.planetphilippinesuk.com/after-philhealth-cyber-attack-dict-pnp-acg-recommend-steps-to-prevent-randomware/

WordPress.com and Jetpack Logos

Get the Jetpack app to use Reader anywhere, anytime

Follow your favorite sites, save posts to read later, and get real-time notifications for likes and comments.

Download Jetpack on Google Play Download Jetpack from the App Store
WordPress.com on Twitter WordPress.com on Facebook WordPress.com on Instagram WordPress.com on YouTube
WordPress.com Logo and Wordmark title=

Automattic, Inc. - 60 29th St. #343, San Francisco, CA 94110  

at September 26, 2023
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

Curated Articles For Today! - Planet Philippines UK

Read our latest blogs (curated for you) ...

  • Curated Articles For Today! - Planet Philippines UK
    Read our latest blogs (curated for you) ...
  • Curated Articles For Today! - Planet Philippines UK
    Read our latest blogs (curated for you) ...
  • Curated Articles For Today! - Planet Philippines UK
    Read our latest blogs (curated for you) ...

Search This Blog

  • Home

About Me

DavaoPlus
View my complete profile

Report Abuse

Blog Archive

  • July 2026 (10)
  • June 2026 (31)
  • May 2026 (28)
  • April 2026 (24)
  • March 2026 (30)
  • February 2026 (19)
  • January 2026 (25)
  • December 2025 (19)
  • November 2025 (26)
  • October 2025 (25)
  • September 2025 (30)
  • August 2025 (27)
  • July 2025 (32)
  • June 2025 (23)
  • May 2025 (25)
  • April 2025 (24)
  • March 2025 (28)
  • February 2025 (28)
  • January 2025 (31)
  • December 2024 (31)
  • November 2024 (31)
  • October 2024 (29)
  • September 2024 (725)
  • August 2024 (914)
  • July 2024 (1005)
  • June 2024 (921)
  • May 2024 (951)
  • April 2024 (1006)
  • March 2024 (1086)
  • February 2024 (1104)
  • January 2024 (1023)
  • December 2023 (872)
  • November 2023 (693)
  • October 2023 (684)
  • September 2023 (675)
  • August 2023 (712)
  • July 2023 (680)
  • June 2023 (501)
  • May 2023 (510)
  • April 2023 (470)
  • March 2023 (633)
  • February 2023 (606)
  • January 2023 (628)
  • December 2022 (664)
  • November 2022 (541)
  • October 2022 (564)
  • September 2022 (474)
  • August 2022 (450)
  • July 2022 (526)
  • June 2022 (427)
  • May 2022 (470)
  • April 2022 (487)
  • March 2022 (448)
  • February 2022 (377)
  • January 2022 (474)
  • December 2021 (827)
  • November 2021 (2395)
  • October 2021 (2399)
  • September 2021 (2768)
  • August 2021 (3157)
  • July 2021 (3138)
  • June 2021 (579)
Powered by Blogger.