Indonesian government ransomware hackers apologize, give out encryption key

ID theft
Image credit: Pixabay (Image credit: Future)

Hackers that used ransomware to recently lock servers belonging to the Indonesian government, disrupting the everyday lives of millions of citizens, have apologized for their misbehavior.

Singaporean dark web intelligence firm Stealth Mole has published a message allegedly written by the Brain Cipher ransomware organization, stating, "Citizens of Indonesia, we apologize for the fact that it affected everyone." 

The group added it was only acting as penetration testers, and released a decryptor to restore the locked files.

Attacking the National Data Center

The group also said it wasn’t pressured into apologizing and restoring the files, not by the government, or by anyone else.

"We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists," the letter further reads. "In this case, the attack was so easy that it took us very little time to unload the data and encrypt several thousand terabytes of information.”

"We're not haggling," the attackers said, despite having previously demanded $8 million in exchange for keeping the data safe, and for sharing the decryption key - an offer the Indonesian government turned down.

Now, the attackers are sharing a key, in the form of a 54 kb ESXi file, whose validity is yet to be confirmed.

Indonesian government officials had confirmed its National Data Center (PDN) was struck on June 20, with the attack apparently organized by an affiliate of LockBit, and the encryptor used was LockBit 3.0. 

At least 210 national institutions were affected by the incident, including the nation’s immigration office, which led to problems in issuing passports, visas, residence permits, and similar - leading to long lines at airports around the country.

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.