A threat group which severely disrupted critical public services in Indonesia after targeting the nation’s national data center has handed over the decryption key for free.
The initial attack took place on 20 June and affected at least 210 national institutions, including Indonesia’s immigration office, prompting major delays in issuing passports, visas, and residence permits.
In a shocking turn of events, after initially holding the stolen data for a ransom of $8 million, the group revealed it would be sharing the key with the government for free.
On 3 July, a statement from the group behind the attack, Brain Cipher, initially made via the dark web and shared on the clearnet by Singaporean cyber intelligence firm StealthMole, announced its decision to hand over the key.
It stated the group would wait for the Indonesian government to confirm the key is working and that data is restored, before permanently deleting the stolen information.
The group emphasized it was choosing to hand over the key, and was not doing so under duress from law enforcement agencies, claiming it reached this decision independently and “without the intervention from special services or legal institutions”.
The group noted this would be the “first and last time a victim will receive keys for free”, adding that any other victims should not expect the same treatment.
“We’re not haggling,” the group boldly declared in its statement.
Brain Cipher also provided some answers to popular questions about the motivations driving the attack and the Temporary PDN-2 data center specifically.
“[A] data center is a high-tech industry that requires huge investments and everyone who made this business should know this. 99 out of 100 companies must pay if they find themselves in such a hopeless situation. In this case, the attack was so easy that it took us very little time to unload the data and encrypt several thousand terabytes of information.”
The Indonesia data center hack prompted a nationwide cyber audit
Indonesia’s Politic, Law, and Security Affairs coordinating minister, Marshal Hedi Tjahjanto revealed on 1 July that a forensic investigation into the incident indicated the attackers gained initial access as a result of negligent password management by a government employee.
The government said it would be taking legal action against the individual in question, as well as launching a national audit of its national data centers after it was revealed the compromised data was not backed up.
An official from Indonesia’s cyber security agency, Hinsa Siburian, confirmed that 98% of the government data stored at the Temporary PDN-2 site had not been backed up, blaming a lack of governance over the nation's security posture.
Indonesia’s communication minister claimed the data held at the facility was not backed up due to budget constraints, stating the site had the backup capacity but that it was not able to use it.
Chair of the commission investigating the breach, Meutya Hafid, on the other hand, pulled no punches, asserting that the issue was primarily due to “stupidity”.
Ministry of Communications and Informatics (Kominfo) director-general of Informatics Applications, Semuel Abrijani Pangerapan, announced he would be resigning as a result of the incident.
"I declare that as of July 1, I have submitted my resignation verbally and the letter has been submitted to the Minister of Kominfo”, Semuel said in Jakarta.
