Cyber Incident Victim: Open University of Cyprus

On March 27, 2023, the Open University of Cyprus suffered a significant cyberattack that severely disrupted its operations. The university, which is an online institution based in Nicosia providing remote learning to 4,200 students, was forced to take several critical systems offline as a direct result of the incident. In a public announcement following the attack, the university confirmed the precautionary shutdown of access to its central services, including its eLearning Platform, its Employment Portal, and the Portal for applications of prospective students. This widespread outage impacted the core functions of the university, directly affecting students and staff who rely on these digital systems for academic and administrative work. In response to the disruption of its eLearning platform, the university provided assurances that academic staff would grant extensions for any assignment deadlines that were affected during the service interruption.

The Medusa ransomware gang publicly claimed responsibility for the attack on April 6, 2023, by listing the Open University of Cyprus on its data leak site. The group issued a ransom demand of $100,000, setting an identical price for both the deletion of the stolen data and for its sale to a third party. Furthermore, the threat actors offered a one-day delay in publishing the exfiltrated data for a payment of $10,000. To substantiate their claims, the group published samples of the data they had allegedly stolen. These published files contained highly sensitive information, including student lists containing personally identifiable information and financial details pertaining to research contractors. This incident was part of a broader pattern of cyberattacks targeting Cyprus in early 2023, which included a major attack on the national land registry and reported intrusion attempts against the University of Cyprus and the Ministry of Defense.