PDNS Decryption Key Offered, But Hackers Threaten Kominfo Data Release on Denial

TEMPO.CO, Jakarta - The Brain Cipher ransomware group, believed to be from Eastern Europe, followed through on their promise to provide the decryption key for free for Indonesia's Temporary National Data Center (PDNS) to the Ministry of Communication and Information (Kominfo) on July 3, 2024. This act came alongside an apology to the Indonesian public for the disruption caused by the ransomware attack.

The decryption key was announced on a dark website and reposted on social media by X @FalconFeedsio around 8:27 pm Jakarta time (WIB).

The gang explained their decision to forgo a ransom demand. After the June 20th attack, they initially requested US$8 million or Rp131 billion to restore PDNS access.

The group emphasized that they released the key independently, without outside influence or payment, including from the Indonesian government. They portray themself as a unified team with no internal disagreements regarding the decision to cancel the ransom, seeking only voluntary donations.

Hackers’ First and Last Act

The gang declared this a one-time action, stating they won't repeat such attacks. “We are not haggling,” their announcement reads.

They claimed that the attack exposed weak cyber defenses on the PDNS server. They argued that data centers, by nature, require significant investment in security measures, which they allege PDNS Indonesia lacked. “It took us very little time to unload the data and encrypt several thousand terabytes of information [in PDNS).”

Key Verification

Alfons Tanujaya, a cybersecurity expert from Akuncom, believes that the key is likely genuine and functional for accessing PDNS 2 data. However, he recommends verification through decryption attempts by PDNS personnel. “It should be tried first by those managing PDN,” he said on July 3.

Threats to Kominfo

The gang concluded its announcement with a wait-and-see approach. They requested official confirmation from Kominfo regarding the key's functionality and data recovery success. They promised to delete the stolen data upon such confirmation permanently. However, they threaten to publicize the data if Kominfo claims independent data recovery or uses third-party assistance.

“If the second party says that they have restored the data on their own or with the help of third parties, we will publish the data,” the gang said.

As of this publication, the Kominfo Ministry has not yet responded to the Brain Cipher ransomware group's latest announcements or threats. However, reports suggest a press conference scheduled for Thursday morning.

ALIF ILHAM FAJRIADI

Editor’s Choice: A Strike at the Heart of Our National Data

Click here to get the latest news updates from Tempo on Google News