Hackers Gift Indonesia with Free Decryption Keys for Two Data Centers, Suggest Hiring Qualified Security Experts
Brook.X
Earlier, two government-owned data centers in Indonesia fell victim to ransomware attacks. These facilities are crucial for operating various levels of the Indonesian government's administrative systems and store vast amounts of sensitive data.
Following the encryption by ransomware, an audit revealed that more than 98% of the data was not backed up, causing several subsystems to become inoperable.
The Indonesian Ministry of Information and Communication acknowledged that these data centers did indeed offer redundancy backup services, but at an additional cost. Consequently, many lower-level governments did not back up their data due to budget constraints.
Today, the hacking group Brain Cipher (a variant of the LockBit ransomware, the name here represents the hacking organization) issued an apology to the Indonesian public, stating that it had provided the Indonesian government with the decryption keys.
Why Apologize and Offer Decryption Keys? The organization explained:
"We apologize to all citizens of Indonesia and those affected. We hope you understand that this attack underscores the importance of funding the industry (referring to data center operations) and hiring qualified security experts.
Our attack was not politically motivated, had no government backing, and was purely a penetration test paid for by us.
We have released the decryption keys and are waiting for the Indonesian government to confirm their effectiveness and restore all data. Once it is confirmed that the Indonesian government can access the data again, we will delete all copies of the data."
Ultimately, the group believes its actions are praiseworthy and thus has provided a Monero cryptocurrency address, hoping for voluntary donations from the Indonesian public.
The Indonesian Government Has Yet to Respond:
No matter how the hacker group apologizes, the Indonesian government is unlikely to respond. The reason is simple: this incident is embarrassing enough, and now they have to use other people's keys to decrypt the data. Earlier, the Indonesian Ministry of Information and Communications claimed that it would crack the data, but the data was encrypted with AES256, so saying that it was a brute force crack was just self-consolation.
Investigations after the fact revealed that the encrypted data centers housed information from over 230 Indonesian public institutions. Initially, the hackers demanded an $8 million ransom from the Indonesian government for the decryption keys, although Indonesia had already made it clear that it would not pay any ransom.
Now that the decryption keys are available, decrypting the data should not be a significant issue. However, the true motives of this hacking group remain unclear. Claims of conducting a penetration test are hardly believable, raising questions if the decision to release the keys was influenced by Indonesian hackers within the group.
