PDNS decryption key offered, but hackers threaten to publish Kominfo data if refused

TEMPO.CO, Jakarta - Ransomware group Brain Cipher, believed to originate from Eastern Europe, has fulfilled its promise to provide the decryption key for the temporary Indonesian National Data Center (PDNS) to the Ministry of Communication and Information (Kominfo) for free on July 3, 2024. This act was accompanied by an apology to the Indonesian public for the disruption caused by the ransomware attack.

The decryption key was announced on a dark web site and reposted on the social media platform X by @FalconFeedsio around 20:27 Jakarta time (WIB).

The gang explained its decision to drop a ransom demand. After the June 20 attack, they had initially demanded $8 million, or Rs 131 billion, to restore access to the PDNS.

The group stressed that it released the key independently, without outside influence or payment, including from the Indonesian government. It presents itself as a united team, with no internal disagreement over the decision to cancel the ransom, and says it is only seeking voluntary donations.

First and last act of the hackers

The gang said this was a one-off action and that it would not repeat such attacks. “We do not bargain,” their statement read.

They claimed that the attack had exposed the weakness of the PDNS server’s cyber defenses. They argued that data centers, by their nature, require significant investment in security measures, which they said PDNS Indonesia lacks. “It took us very little time to offload the data and encrypt several thousand terabytes of information (in PDNS).”

Key verification

Alfons Tanujaya, a cybersecurity expert at Akuncom, believes the key is likely genuine and can be used to access PDNS 2 data. However, he recommends that PDNS staff verify it by attempting decryption. “It should first be tried by those who manage PDN,” he said on July 3.

Threats against Kominfo

The gang concluded their announcement by adopting a wait-and-see attitude. They asked Kominfo for an official confirmation regarding the functionality of the key and the success of the data recovery. They promised to permanently delete the stolen data after this confirmation. However, they threatened to make the data public if Kominfo claims to have recovered the data independently or with the help of a third party.

“If the second party says they restored the data by themselves or with the help of third parties, we will release the data,” the gang said.

At the time of publication, the Ministry of Information had not yet responded to the latest announcements or threats from the Brain Cipher ransomware group. However, there are reports of a press conference scheduled for Thursday morning.

ALIF ILHAM FAJRIADI
