Special Features

Malware Month

Ransomware scum who hit Indonesian government apologizes, hands over encryption key

Brain Cipher was never getting the $8 million it demanded anyway


Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center (PDNS) and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government.

That key was in the form of an 54 kb ESXi file. Its efficacy has not yet been confirmed.

"Citizens of Indonesia, we apologize for the fact that it affected everyone," the team wrote in a statement shared by Singapore-based dark web intelligence outfit Stealth Mole.

In the statement, Brain Cipher detailed that it was releasing the decryptor of its own accord, without prodding by law enforcement or other agencies. It did, however, ask for public gratitude for its magnanimous behavior – and even provided an account at which it could receive donations. Good luck with that.

The team also provided a motive – that it was acting as a penetration tester of sorts, and that talks with the government had become deadlocked.

The cyber criminals had demanded a ransom of 131 billion Rupiah ($8 million) to release data it ransomwared June 20, but the Indonesian government refused to pay up.

"We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists," the hackers lectured.

"In this case, the attack was so easy that it took us very little time to unload the data and encrypt several thousand terabytes of information," the group boasted.

The statement concludes: "We're not haggling."

We have asked Stealth Mole to provide us with evidence of the statement's authenticity.

Brain Cipher clarified that while the Indonesian government might receive its data back for free, not all victims would get the same treatment.

"Honestly, this is very embarrassing for Kominfo and also us as Indonesian citizens," shared one cyber security influencer in Indonesian Bahasa.

"Imagine, with a budget of Rp 700 billion to secure Indonesian data, you (BSSN et al) only rely on a security system with Windows Defender," he added.

A certain degree of panic has rocked the government – particularly as it was found that backups were optional among the hit agencies. Indonesia's president Joko Widodo subsequently ordered an audit of government datacenters.

Politicians and the public alike appear on the hunt for a scapegoat – a petition demanding the resignation of communications and informatics minister Budi Arie Setiadi over the matter garnered more than 18,000 signatures. ®

Send us news
35 Comments

UK floats ransomware payout ban for public sector

Stronger proposals may also see private sector applying for a payment 'license'

Telemetry data from 800K VW Group EVs exposed online

PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more

Europe coughs up €400 to punter after breaking its own GDPR data protection rules

PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more

I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director

In colossal surprise, ONCD boss Harry Coker says more work is needed

Atos denies Space Bears' ransomware claims – with a 'but'

Points finger at third-party infrastructure being breached

Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices

Beware the IoT that doesn’t get a security tag

DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury

Marc Rogers is 'lucky to be alive'

DNA sequencers found running ancient BIOS, posing risk to clinical research

Devices on six-year-old firmware vulnerable to takeover and destruction

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

'Codefinger' crims on the hunt for compromised keys

How cops taking down LockBit, ALPHV led to RansomHub's meteoric rise

Cut off one head, two more grow back in its place

£3.8B later, old tech supplier flames still burning for HMRC

Deal supposed to end in 2017 continues to haunt tax collector procurement

Drug addiction treatment service admits attackers stole sensitive patient data

Details of afflictions and care plastered online