Brain Cipher to release encryption keys for Indonesian government data held hostage

INDONESIA: Brain Cipher, a hacker group implicated in a recent ransomware attack on Indonesia’s Temporary National Data Center (PDNS), has announced its intention to release encryption keys that will grant free access to government data held hostage.

The group, suspected of deploying a variant of the Lockbit 3.0 ransomware, targeted the PDNS server in Surabaya, East Java, on 20 June.

In a statement shared by the digital intelligence company StealthMole through their social media account on Tuesday (2 July), Brain Cipher announced their intention to release the encryption keys on Wednesday.

They underscored that this gesture aims to highlight vulnerabilities in Indonesia’s cybersecurity infrastructure, particularly the need for stronger human resources in the sector.

“Our attack did not carry a political context, only a pentest with post-payment,” Brain Cipher clarified in their statement, as reported by @stealthmole_int.

The group also issued an apology to the Indonesian public for any disruptions caused, requesting acknowledgment for their independent decision-making.

They concluded with a commitment to release the PDNS encryption keys as promised on the upcoming Wednesday.

“On Wednesday, we will prove that we keep our word.”

Ransomware gang Brain Cipher announced they'll release decryption keys for free this Wednesday. They emphasized the need for cybersecurity funding and specialists. Apologies to Indonesia for the disruption. They request public acknowledgment of their decision. pic.twitter.com/FNNg0YsoAp

— Fusion Intelligence Center @ StealthMole (@stealthmole_int) July 1, 2024

However, IT security consultant Alfons Tanujaya advised caution regarding Brain Cipher Ransomware’s assurances about unlocking encrypted PDNS data.

In an Instagram post on Tuesday (2 July), Alfons pointed out the lack of a specific date mentioned by the hackers for the data release, noting only a reference to “Wednesday.”

“If a date is specified, there’s a chance they might follow through,” Alfons remarked.

Despite skepticism, Alfons acknowledged the potential benefit for Indonesians if previously inaccessible data could indeed be recovered.

View this post on Instagram

A post shared by Alfons Tanujaya (@alfonstan)

The National Cyber ​​and Crypto Agency (BSSN) recently confirmed that the PDNS server disruption stemmed from a newly identified variant of the Lockbit 3.0 ransomware, named Brain Chiper.

BSSN Head Hinsa Siburian, as mentioned in a Ministry of Communication and Information press release on 25 June, stated that the agency is collaborating with other cybersecurity entities to analyze the ransomware samples.

Minister of Communication and Information Budi Arie reported that the attackers demanded a ransom of US$ 8 million (approximately 130 billion IDR) following the PDNS attack.

This incident led to service disruptions affecting 210 government agencies at both central and regional levels, with immigration services experiencing the most severe impact due to their heavy public reliance and usage.