In recent years, the world has witnessed a disturbing trend in the realm of cybersecurity: the increasing frequency and severity of ransomware attacks targeting government agencies. These attacks pose a significant threat not only to national security but also to the safety and well-being of citizens. The severity of a government agency being hacked by ransomware cannot be overstated, as it has far-reaching implications that extend beyond mere data breaches.

One of the most immediate and critical concerns when a government agency is hacked by ransomware is the potential compromise of national security. Government agencies house sensitive and classified information related to defense, intelligence, and law enforcement. When hackers gain access to this information, it can be used to compromise national security by providing adversaries with valuable insights and intelligence.

In some cases, ransomware attacks on government agencies have been linked to state-sponsored actors, adding an extra layer of complexity and concern. The involvement of nation-states in such attacks can escalate tensions between countries and further destabilize international relations.

Just recently, the Philippine Health Insurance Corporation (PhilHealth) became the latest victim of a ransomware attack by the Medusa Group. Based on reports from the interwebs, the hackers have already released the data dump from PhilHealth, since the GOCC (government-owned and controlled corporation) did not pay the ransom.

According to Vladimir Kuskov, Head of Anti-Malware Research at Kaspersky, “Medusa ransomware is a malicious software that encrypts victims’ data and demands a ransom for its release. The threat actors behind this strain typically attack their victims via unsecured Remote Desktop Protocol (RDP) access and phishing campaigns. The attackers typically manually infiltrate the victim’s network, carry out reconnaissance, move laterally, steal the victim’s sensitive data, and finally launch the ransomware trojan that encrypts files with the .MEDUSA extension and leaves a ransom note. The Medusa threat actor uses the double-extortion tactic, threatening to leak the stolen confidential data of their victims on the ‘Medusa Blog’ on the TOR network if the ransom isn’t paid.”

Kaspersky products are able to proactively detect this threat and protect against it with Behavior Detection. The cybersecurity firm also said that they have not observed any statistically significant number of detections of Medusa ransomware in the Philippines or Southeast Asia region.
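To make the encryption stage described above concrete, here is a small detection sketch added for illustration; it is not Kaspersky's Behavior Detection and not code from any vendor. It flags a host when many files are renamed with the .MEDUSA extension within a short time. The log format, host names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-rename telemetry: "timestamp host old_path new_path".
SAMPLE_EVENTS = r"""
2023-09-22T02:14:01 fs-01 D:\claims\a.xlsx D:\claims\a.xlsx.MEDUSA
2023-09-22T02:14:02 fs-01 D:\claims\b.xlsx D:\claims\b.xlsx.MEDUSA
2023-09-22T02:14:02 fs-01 D:\claims\c.pdf D:\claims\c.pdf.MEDUSA
2023-09-22T02:14:03 fs-01 D:\claims\d.docx D:\claims\d.docx.MEDUSA
2023-09-22T02:14:05 fs-01 D:\claims\e.docx D:\claims\e.docx.MEDUSA
2023-09-22T09:30:00 ws-02 C:\tmp\draft.txt C:\tmp\final.txt
2023-09-22T09:31:00 ws-02 C:\tmp\sample.bin C:\tmp\sample.bin.medusa
2023-09-22T08:00:00 ws-03 C:\lab\1.txt C:\lab\1.txt.MEDUSA
2023-09-22T11:00:00 ws-03 C:\lab\2.txt C:\lab\2.txt.MEDUSA
2023-09-22T14:00:00 ws-03 C:\lab\3.txt C:\lab\3.txt.MEDUSA
2023-09-22T17:00:00 ws-03 C:\lab\4.txt C:\lab\4.txt.MEDUSA
"""

def parse_events(text):
    """Parse the assumed log format into (time, host, old, new), time-ordered."""
    events = []
    for line in text.strip().splitlines():
        ts, host, old, new = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, old, new))
    return sorted(events, key=lambda e: e[0])

def find_encryption_bursts(events, ext=".medusa", threshold=4,
                           window=timedelta(seconds=60)):
    """Return {host: time of first alert} for bursts of renames adding `ext`."""
    recent = defaultdict(deque)   # per-host timestamps of matching renames
    alerts = {}
    for ts, host, old, new in events:
        # Count only renames that newly append the extension (case-insensitive).
        if not new.lower().endswith(ext) or old.lower().endswith(ext):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in find_encryption_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {host}: mass rename to .MEDUSA at {when.isoformat()}")
```

Only the file server with a rapid burst is flagged; a single renamed file or renames spread over hours stay below the threshold.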

Disruption of Essential Services

Government agencies are responsible for delivering a wide range of essential services to the public, including healthcare, education, transportation, and emergency services. When a government agency’s systems are compromised by ransomware, these services can be severely disrupted.

For example, a ransomware attack on a healthcare agency could compromise patient records and disrupt critical medical services. Similarly, an attack on a transportation agency could disrupt public transportation systems, leading to chaos and inconvenience for commuters.

Ransomware attacks on government agencies come with significant financial costs. Not only do governments have to pay ransoms to regain access to their data and systems, but they also incur expenses related to investigating the attack, restoring systems, and implementing cybersecurity measures to prevent future incidents. These costs can run into millions or even billions of dollars, depending on the scale of the attack.

When government agencies are hacked by ransomware, it erodes public trust in the ability of governments to protect sensitive information and provide essential services. Citizens may question their government’s competence and security practices, leading to a loss of confidence in the institution.

To make matters worse, the personal information of citizens may be compromised in these attacks. This not only exposes individuals to the risk of identity theft but also undermines trust in government agencies to safeguard their personal data.

Ransomware attacks on government agencies can have legal and regulatory ramifications. Governments may face lawsuits and fines for failing to protect citizens’ data adequately. In addition, new cybersecurity regulations and legislation may be introduced in response to these attacks, placing additional burdens on government agencies to enhance their cybersecurity measures.

Will we see someone finally going behind bars due to negligence and Data Privacy Act violations following this PhilHealth x Medusa incident?

Lawmaker Calls on Enhanced Cybersecurity Measures in the Philippines

Senator Win Gatchalian is urging both government agencies and the private sector in the Philippines to bolster their cybersecurity defenses in the wake of the unresolved hacking incident at PhilHealth. He has introduced Senate Bill 2066, known as the Critical Information Infrastructure Protection Act, which mandates critical information institutions (CII) to implement robust cybersecurity measures for their ICT systems and infrastructure and establish incident response and recovery protocols. The bill also empowers the Department of Information and Communications Technology (DICT) to set and update information security standards. It designates the National Computer Emergency Response Team (NCERT) as the central authority for coordinating computer emergency response teams across various industries. Senator Gatchalian emphasizes the increasing reliance on digital technologies in the post-COVID-19 era, with Filipinos using 4.3 more digital services on average compared to pre-pandemic times and the eCommerce sector expected to reach US$10.3B in sales by 2025, according to estimates by GlobalData.

“It is high time that we take the necessary steps to protect our critical information infrastructure by ensuring, at the minimum, compliance with international standards and globally accepted best practices for cybersecurity. With the increased use of digital technologies in our daily lives, malicious actors, from casual scammers to highly sophisticated state-based groups, hunt for vulnerabilities in ICT systems and networks to steal information, disrupt essential services, and profit from attacks,” said Gatchalian, citing as an example the ongoing cyberattack on PhilHealth’s database wherein cybercriminals have asked for $300,000 in exchange for handing over decryption keys, as well as deleting and not publishing the data they illegally obtained.

“The adoption and implementation of minimum information security standards is a globally accepted best practice to provide guidance, which would lead to more efficient use of resources, improved risk management, consistent delivery of critical and essential services and effective protection of the confidentiality, integrity, and availability of information that is vital to the nation,” the senator added.  


ABOUT THE AUTHOR

Robert “Bob” Reyes is a technologist, an ICT Consultant and Tech Speaker, a certified Google IT Support Specialist, and an Open Source advocate representing the global non-profit Mozilla (makers of Firefox) in the Philippines. Bob is a Technology Columnist for the Manila Bulletin Publishing Corporation and an aviation subject matter expert contributor for Spot.PH.
