Ransomware Gang Who Hit Indonesian Government Offers Key and Apologies

Written by Lore Apostol
Published on July 5, 2024

In June, the Brain Cipher ransomware attack compromised the Temporary National Data Center (PDNS) in Indonesia. The cybercriminals, who deployed a fresh variant of the LockBit malware known as LockBit 3.0, wanted 131 billion Rupiah (US $8 million) in ransom for the exfiltrated data, but it seems they ultimately decided to offer the decryption key for free.

After the system lockdown, Communication and Informatics Minister Budi Arie Setiadi said the government did not intend to pay, and authorities were attempting to decrypt the data. 

In the announcement shared by Singapore-based Dark Web intelligence outfit Stealth Mole on X, the cybercriminal group allegedly argued that the government passed the talks to a third party, halting their direct negotiations. 

The note specified this “generous” decision came of their own accord, with no involvement from law enforcement and other official agencies. However, it also mentioned that offering a free decryptor does not set a precedent.

They also said there was no political motive behind the attack, which was only a “pentest.” The hackers even wrote gratitude for their grand gesture and left a wallet for donations. What’s more, the cybercriminals issued an apology to Indonesian citizens “for the fact that it affected everyone.”

Indonesia Hacking Public Statement
Image Source: Kominfo (via X)

The cybercriminals reportedly promised to permanently delete the data only after the government confirms the systems are unlocked. The provided decryption key is a 54 kb ESXi file, but it was not announced whether it really works.

Decryption File Indonesia Data Center Attack
Image Source: Kominfo (via X)

The security incident hitting PDNS on June 20 massively disrupted official digital services from approximately 200 institutions. The attack impacted two data centers, one of which had almost no data backed up.

Backup is available to government agencies using these data centers, but backing up data is optional, and most agencies do not use it due to budget constraints. Indonesia’s president, Joko Widodo, has ordered an audit of government data centers, and the government promised to revise the nation’s cybersecurity approach.
