DICT says DOST hack possible ransomware, ‘hacktivism’ attack

By Raymond Carl Dela Cruz

April 4, 2024, 6:54 pm

MANILA – The recent cyber-attack on the Department of Science and Technology (DOST) is possibly ransomware or a political attack, the Department of Information and Communications Technology (DICT) said.

In a Zoom press conference on Thursday, DICT Spokesperson, Assistant Secretary Renato ‘Aboy’ Paraiso said the strike is consistent with a ransomware attack, with the DOST’s system locked out and encrypted by the threat actors.

“Initially they were locked out of their system, talagang na-encrypt yung mga data nila (their data were encrypted). NCERT (National Computer Emergency Response Team) was able to go in and be able to log in – we recovered partial access to their system,” Paraiso said.

However, he said the hackers are yet to demand “ransom” in exchange for the encryption key and have instead made a political statement following the hack.

“Ang una ngang mensahe ng mga threat actors natin is somewhat political in nature. So, hindi namin dini-discount that this is part of hacktivism or something more nefarious or devious (The first message of the threat actors was somewhat political. So, we’re not discounting that this is part of hacktivism or something more nefarious or devious),” he said.

While the cyber-attack is the biggest in terms of the amount of compromised data at two terabytes (TB), he said the impact is relatively small as it doesn’t involve personal data from the public.

“Mostly data under the custody and care of the DOST. These include proposals for inventions, and even their backup and redundancies were also compromised,” he said.

While the extent of the hack is still being investigated, he said the hackers might have no access to the compromised data themselves.

“Ang nakikita namin naka-lock out lang ho, wala hong extraction na ginawa. Ang initial na investigation natin, locked out din ang threat actors because na-detect din agad natin (What we’re seeing is that we’re merely locked out. Initial investigation shows that the threat actors themselves might be locked out since we detected the attack early),” he said.

The attack was detected using a passive detection tool of the NCERT and was immediately reported to the DOST on Wednesday at 11 a.m.

“While the DOST had an existing system that was employed to prevent this kind of attack, the attackers were still able to penetrate,” he said.

He assured the DICT is working to restore access to the DOST system and is working with other IT security experts in the government to see the full impact of the incident. (PNA)