A cybersecurity plan set to operate 24 hours a day has been drawn up by the deputy ministry of research, innovation, and digital policy and the digital security authority, Deputy Minister Philippos Hadjizacharias said on Monday, following a spate of cyberattacks over the past month.
Meanwhile, Hadjizacharias also admitted that the digital security authority has a plan meant to encompass all government services on state sensors in order to monitor their cybersecurity, but that currently there are only two government departments included in that plan. Hadjizacharias said that this was a project of the previous administration, and so far only the army and the foreign ministry are included in these sensors of the digital security authority. Commenting on the cyberattacks over the past month, Hadjizacharias said government services need to be strengthened. On the attack that crippled the land registry for almost a month, the minister said: “The land registry is up and running.”
The minister told CyBC that the plan that his ministry and the digital security authority have drawn up includes monitoring systems over the weekend, on holidays, and past shifts as a response to criticism that cybersecurity specialists currently working at these services work civil service hours, and do not monitor the systems around the clock.
Regarding the most recent attack on the Open University of Cyprus, Hadjizacharias said that the university did not want the ministry or the digital security authority to get involved with the attack. They instead chose to hire a private company to deal with the ransomware issue.
Open University of Cyprus said it was continuing to cooperate with authorities on the hack of its database, even after a first tranche of files were made public, which authorities said could be part of two of the hackers’ tactic to elicit money. According to the deputy chief of the cybercrime unit, Yiorgos Karkas, the hackers published a first bunch of the files, but might be saving the second batch and the contents of the files to use in a second ransom attempt. Karkas said: “They published the folders, but it is unclear what the contents of the folders are.”
On Thursday, the hackers from a group calling themselves ‘Medusa’ made good on their threat to release a trove of personal data – potentially terabytes of it – grabbed from the Open University of Cyprus, after a deadline for payment of ransom elapsed. The group of hackers had demanded €100,000 – to be paid in cryptocurrency – from the university in return for not releasing the data. The university had announced the hack in late March.
Source: Cyprus Mail