The Medusa ransomware gang has claimed responsibility for a cyberattack on the Open University of Cyprus (OUC), which has caused severe disruption to the organization’s operations.

OUC is an online university based in Nicosia, Cyprus that offers distance learning. It offers 30 higher education programs to 4,200 students and participates in various scientific research activities.

Last week, the university released an announcement about a cyberattack that occurred on March 27, which took several central services and critical systems offline.

“As a precautionary measure, access is not provided to the University’s eLearning platform, the job portal, the prospective student application portal and other critical systems which mainly concern the university community.” plays OUC ad.

“Where there are deadlines for submission of assignments, extensions will be provided by academic staff,” the university said.

Today, ransomware group Medusa released OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers demanded $100,000.

However, the threat group set the same price for deleting the data as well as selling it to an interested party. For $10,000, the hackers say they would delay the data release for a day.

Sample data has also been released, to prove that their claims are real. Files include student rosters with personally identifiable information, research contractor financial details, and more.

Unlike other ransomware actors, Medusa does not consider educational organizations to be banned. In early March, the gang targeted the Minneapolis Public Schools District, demanding a $1 million ransom.

For more details on the Medusa ransomware profile, see our detailed analysis of the threat actor, which covers Techniques, Tactics, and Procedures (TTPs).

Cyprus under “cyber pressure”

The small island nation in the eastern Mediterranean has suffered a series of high-impact cyber-incidents since the start of 2023, the most notable being a catastrophic attack on the national cadastre’s online portal on March 8.

The attack froze records worth 150 million euros and forced the state organization into a prolonged shutdown that could only be resolved by construction of a new portal at a different address, configured with limited functionality more than two weeks later.

Local media too reported that the same hackers attempted to breach the University of Cyprus and also the Ministry of Defense, but both entities managed to block the intrusions by detecting them early and isolating the affected systems.

H/T: Brett Callow