After hacking an Indonesian data centre and causing major flow-on effects across the country, a group of cyber criminals has revoked its ransom, apologised and downplayed the colossal attack as an innocent “pentest with post payment”.
Last month, cyber criminals caused a national crisis in Indonesia after attacking a government data centre and massively disrupting public services.
In what marks the biggest hack yet from newcomer ransomware gang ‘Brain Cipher’, Antara reports some 282 government agencies were impacted by the attack – the most notable of which saw queues of disgruntled travellers pile up at malfunctioning airport arrival and departure gates following disruptions to the nation’s immigration services.
While Brain Cipher initially demanded an $11.9 million ($US8 million) ransom, the group last week apologised for the hack and claimed to have helped Indonesia’s government rectify the attack.
“Citizens of Indonesia, we apologise for the fact that it affected everyone,” Brain Cipher wrote on its dark web blog.
“We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists.
“We also ask for public gratitude and confirmation that we have consciously and independently made such a decision.
“If the government representation considers it wrong to thank the hacker, you can do it privately at the post office.”
Further to downplaying the severity of its attack – which locked and encrypted crucial government data systems – Brain Cipher went so far as to post a donations link for those who wish to reward the gang’s apparent change of heart.
Notably, Brain Cipher’s apology arrived after Indonesian officials staunchly and publicly refused to pay out a ransom.
In a follow-up post on 3 July, the group further claimed it had given decryption keys to government officials and would delete any data it stole once restoration was confirmed.
“This is the first and last time a victim receives keys for free,” said Brain Cipher.
The gang then explained its unsurprising motivations for the attack, pointing out how data centres are a valuable extortion target given their role in critical infrastructure, before writing off the whole affair as “very expensive advertising” for its criminal capabilities.
By Tuesday, Brain Cipher made a final post indicating government officials had cut communications and warned dark web users that anyone “trying to sell data” on its behalf is a fake.
“We will not wait for an answer from the data centre,” said the gang.
“We are sure that the key is working, we hope that local specialists will be able to restore it without any problems.
“We confirm that we've erased all the data we had. Databases, logs, emails. We think we've earned everyone's trust.
“We both need to move on.”
Everything’s fine
As last reported by Antara, many government agencies are still working to “conduct data recovery” following the incident, though Indonesia’s government officials have repeatedly downplayed the effects of the attack.
In late June, Minister of Communication and Informatics Budi Arie Setiadi gave assurances that the attack was led by non-state actors, stating “praise be to God because the effect will be worse if a state actor was behind the attack”.
Setiadi, who reportedly indicated the attack caused “no data leak” whatsoever, currently faces mounting public backlash as a petition with more than 26,000 signatures calls for his resignation – though Director General of Applications and Information, Semuel Abrijani Pangerapan, has resigned and claimed personal responsibility for the incident instead.
Law and Human Rights Minister Yasonna Laoly went on to claim immigration data transferred to Amazon Web Services was safe from data leaks, though Brain Cipher conducted its attack well before the data was migrated.
"Now, it's still in AWS. Complete, good, and no problems anymore," Laoly said.
The country's tourism minister has declared an uptick in tourist arrivals following its major airport gate disruptions, while the general of air transportation has emphasised aircraft navigation services were not impacted.
Coordinating Minister for Security Affairs, Hadi Tjahjanto, shared optimism for the government’s recovery efforts despite revealing public services won’t be fully “back to normal” until the end of July, and the information technology ministry has since gone on to announce a rather detailed recovery plan for the data encrypted during the attack.
The government reportedly plans to bolster its previously lacking data centre backup features following the attack, while an independent third party will begin a security audit of the impacted data centre in September.