Ransomware Gang Who Hit Indonesian Government Offers Key and Apologies

• The ransomware gang behind the recent attack that hit the Indonesian Temporary National Data Center reportedly released a decryption key for free.
• The Brain Cipher hacker group declared there was no political motive behind their attack.
• Their alleged note also included a promise to never offer keys for free again and an apology to the affected Indonesian citizens.

In June, the Brain Cipher ransomware attack compromised the Temporary National Data Center (PDNS) in Indonesia. The cybercriminals who deployed a fresh variant of the LockBit malware known as Lockbit 3.0 wanted 131 billion Rupiah (US $8 million) in ransom for the exfiltrated data, but it seems they ultimately decided to offer the decryption key for free.

After the system lockdown, Communication and Informatics Minister Budi Arie Setiadi said the government did not intend to pay, and authorities were attempting to decrypt the data. 

In the announcement shared by Singapore-based Dark Web intelligence outfit Stealth Mole on X, the cybercriminal group allegedly argued that the government passed the talks to a third party, halting their direct negotiations. 

The note specified this “generous” decision came on their own accord, with no implication from law enforcement and other official agencies. However, it also mentioned that offering a free decryptor does not set a precedent.

They also said there was no political motive behind the attack, which was only a “pentest.” The hackers even wrote gratitude for their grand gesture and left a wallet for donations. What’s more, the cybercriminals issued an apology to Indonesian citizens “for the fact that it affected everyone.”

The cybercriminals reportedly promised to permanently delete the data only after the goverment confirms the systems are unlocked. The provided decryption key is a 54 kb ESXi file, but it was not announced whether it really works. 

The security incident hitting PDNS on June 20 massively disrupted official digital services from approximately 200 institutions. The attack impacted two data centers, one of which didn’t have almost any data backed up.

Backup is available to government agencies using these data centers, but backing up data is optional, and most agencies do not use it due to budget constraints. Indonesia’s president, Joko Widodo, has ordered an audit of government data centers, and the government promised to revise the nation’s cybersecurity approach.