Brain Cipher, the new hacking group that immediately drew international attention with its attack on a national data center in Indonesia, looks to be trying to turn the incident into a marketing exercise as it has publicly handed over a ransomware decryptor to the country’s communications ministry.
This follows a refusal by the Indonesian government to pay an $8 million ransom demand. Brain Cipher likely decided to cut their losses and make a bid to keep their names in mainstream media, but also used the opportunity to request donations from impacted government agencies and citizens in response to the provision of the ransomware decryptor.
Indonesian government has unlocked some data with the ransomware decryptor, but full recovery may be slow
Though the government may have been bailed out by this development, the national data center incident has sparked a flurry of cybersecurity reform in an environment that had been criticized for some time for being insufficient to keep up with today’s threats. One of the major lessons that seems to have been taken from the incident is the need to have adequate backups in place, something that government agencies were not previously required to do.
Brain Cipher likely decided to cut their losses after payment was refused, no doubt considering what happened to Conti after it attacked the government of Costa Rica in 2022 in a similar incident. International law enforcement has proven effective at taking out major ransomware gangs when they go a little too far and mess with the wrong targets, and Brain Cipher does not want that level of attention at the very beginning of their ransomware career.
The national data center that was attacked is one of four that support Indonesia’s various government agencies, though this particular one is a temporary facility in use while a more permanent and secure location is under construction. The Indonesian government said that it has unlocked six sets of data using the ransomware decryptor, but with about 230 government agencies impacted by the attack it could be some time before everything is fully restored.
National data center attack causes government cybersecurity shake-ups
The Ministry of Communications and Informatics (Kominfo) is cautioning the public that while the ransomware decryptor appears to be working, there is a lot more data to decrypt and there is no guarantee it will work on everything the national data center lost in the attack. For its part, Brain Cipher has warned that if Kominfo seeks help from the authorities or any third-party recovery companies, it will see its stolen data leaked to the dark web.
The Indonesian government has confirmed that an employee’s sharing of their password was the source of the national data center breach, though it is not clear if this was a case of successful phishing/social engineering or something else. Whatever the case, that employee may face legal action over the breach. Kominfo’s Director-General of Informatics Applications also resigned due to the breach.