Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys

News
By
published

This is lucky, as the government didn't have backups.

Jakarta Indonesia
(Image credit: Shutterstock)

Ransomware group Brain Cipher has announced that it will reveal its decrypt keys in the wake of a ransomware attack it conducted against Indonesia’s Temporary National Data Center (PDNS). German tech site Golem.de reported the news after the group posted the key, along with instructions on how to decrypt the data, on its website.

“We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists,” the group said Monday. “Our attack did not carry a political context, only a pentest [penetration test] with post payment.”

Brain Cipher even apologized to the wider Indonesian citizenry saying, “Citizens of Indonesia, we apologize for the fact that it affected everyone.” The group claims that it made this move of its own accord, with no prodding from any government agency. Nevertheless, it’s asking for public gratitude for its ‘generous’ action while simultaneously sharing a Monero address for donations.

After it released the decryption keys, Brain Cipher said, “We will wait until the second party [the Indonesian government] has officially confirmed that the key works and the data has been restored.” It will then delete its copy of the data, after verifying that Indonesia’s data centers are accessible again.

This massive ransomware attack has been a major headache for Jakarta, especially after it noticed that the two affected data centers, which house the information for over 230 public agencies, did not have backups available. The group demanded 131 billion Rupiah, or about US$8 million, to release the decryption key. However, even though the government had no backups of its data, it said that it would not pay the ransom.

Indonesia has yet to acknowledge this development or release a statement regarding the attack on its data center as of the time of writing, so we can't be certain that the decrypt keys work. After all, many ransomware attackers are known to accept payment from their victims but still refuse to release the decrypt key(s) for their data. Furthermore, this move by Brain Cipher might merely be an act of publicity for the group to gain some notoriety or donations. So, until Jakarta confirms that its data is safe and available again, we cannot believe that the decrypt key even works.

Jowi Morales
Jowi Morales
Contributing Writer

Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.

TOPICS
5 Comments Comment from the forums
  • USAFRet
    Subtext:
    The Indonesian government found out who they were, went to their house, and threatened to break various parts of their bodies until they coughed up the decryption keys.
    Reply
  • OLDKnerd
    Well i am not the backing up kind of guy, but then again i don't really have anything to loose but the time it take to format and reinstall system.
    On a gooberment level seeing as Denmark are one of the most digitized countries in the world, i am extremely worried CUZ i have not in my 60 years of living seen my gooberment make a WIN on anything digital.
    Reply
  • bit_user
    USAFRet said:
    Subtext:
    The Indonesian government found out who they were, went to their house, and threatened to break various parts of their bodies until they coughed up the decryption keys.
    Pretty much what I thought, except that I'd guess they're based in a different country and Indonesia reached out to the host country to put the squeeze on the group.

    If they were dumb enough to actually be within direct reach of the Indonesian government, then we'd be hearing about a police raid and not a diplomatic-sounding announcement put out by them. So, that tells me they're operating in a country with tacit approval of their activities by the government, except when they put a toe across the wrong political boundary.
    Reply
  • watzupken
    This story makes no sense to me whatsoever. Whoever hacked the Indon government for the purpose of making money I believe, had the perfect opportunity to do just that because they have no backup. Instead they apologized to the government and gave them the decryption key. Wow. Makes me wonder if this is all staged...
    Reply
  • bit_user
    watzupken said:
    This story makes no sense to me whatsoever. Whoever hacked the Indon government for the purpose of making money I believe, had the perfect opportunity to do just that because they have no backup. Instead they apologized to the government and gave them the decryption key. Wow. Makes me wonder if this is all staged...
    A lot of hacking groups operate in certain countries where they have the tacit permission by their government. If Indonesia figured out where the hackers are located and contacted that government, they could've threatened to shut down the hackers. To me, that seems like a more plausible explanation for the climb-down.
    Reply