6 Facts About Bank Indonesia Being A Victim Of The Most Violent Conti Ransomware Attack

JAKARTA - The internet was recently shocked by news that the Conti ransomware gang had hacked its latest victim, Bank Indonesia (BI). The gang managed to extract a quantity of data from the bank's systems.

A total of 16 computers (PCs) were infected with the malware, and all of them have now been taken by the National Cyber and Crypto Agency (BSSN) for further investigation.

The news first surfaced in a post by a dark web security researcher known as Dark Tracer, on the Twitter account @darktracer_int.

"[ALERT] The Conti ransomware gang has announced 'BANK OF INDONESIA' is on the victim list," tweeted @darktracer_int.

For more details, here are the facts about the hacking of Bank Indonesia by the Conti ransomware gang.

Bank Indonesia Admits There Was Hacking, But Last Month

Through the Head of its Communications Department, Erwin Haryono, Bank Indonesia admitted that the attack took place last month.

"Bank Indonesia was aware of an attempted hack in the form of ransomware last month. It made us aware, it was real and we were hit. Bank Indonesia has conducted an assessment of the attack," Erwin told VOI yesterday.

The incident was also confirmed by BSSN spokesperson Anton Setiawan: "Yes, that's right, the attack was reported by BI to BSSN on December 17, 2021," he said.

Dark Tracer Reveals Amount of Data Stolen

In the tweet, @darktracer_int also shared a screenshot of a site claimed to be the Conti ransomware gang's dark web leak site.

The screenshot shows a listing of files under the name corp.bi.go.id. According to the post, the total data comes to 487.09 MB across 838 files. It is not known for certain whether this is all the data that was obtained or whether there is more. The entire data set is claimed to have been taken from an open server owned by Bank Indonesia, namely www.bi.go.id.

Attack Hit the Bengkulu Branch, Conti Took Non-Critical Files

Anton stated that 16 PCs had been infected in this attack, but the incident did not occur in Jakarta; the system attacked was at Bank Indonesia's Bengkulu branch. Fortunately, no critical data was stolen.

"The BSSN and BI teams verified the contents of the stored data; the stored data is indicated to be data belonging to the Bengkulu branch of Bank Indonesia," said Anton.

"There are 16 PCs affected by this attack. It is personal work data on PCs at the branch office. There is no data related to critical systems in BI," he added.

Furthermore, Anton explained that the data consists of personal daily work files, "such as laptop loan letters, swab submissions, and waste disposal management," he said.

Bank Indonesia Immediately Takes Precautions

On learning of the attack, Bank Indonesia immediately reported it to the BSSN; the two parties then coordinated and conducted an assessment of the attack.

"Bank Indonesia has carried out recovery, audits, and mitigation so that these attacks do not recur by implementing the established IT disruption mitigation protocol," Erwin said.

Erwin explained that his organisation has, among other things, formulated policies, standards and guidelines for cyber resilience, developed cyber security technology and infrastructure, and built cooperation and coordination with various parties in anticipation of cyber attack incidents.

No Ransom Request

Anton stated that the system at the Bank Indonesia Bengkulu branch has now been recovered, and emphasized that the Conti ransomware group did not demand a ransom for the data taken, meaning that there were no transactions between the two parties.

"Bank Indonesia ensures that Bank Indonesia's operational services remain under control in supporting the community's economic activities," said Erwin.

The Most Cruel Ransomware Gang

The Conti ransomware gang is a Russia-based group tracked under the pseudonym Wizard Spider, and is called the most violent of the bunch. The gang is said to have committed many crimes in cyberspace.

According to the pages of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), Conti has carried out 400 attacks on U.S. and international organizations.

They steal files, encrypt servers and workstations, and demand ransom payments to restore the data. Conti is a type of ransomware known as ransomware-as-a-service (RaaS), but there are variations in its structure that distinguish it from the regular affiliate model: Conti's developers are believed to pay the people who deploy the ransomware a fee rather than a percentage of the proceeds from successful attacks.

They usually break into networks via spear-phishing emails carrying malicious attachments or links. They also gain access through weak Remote Desktop Protocol (RDP) credentials, phone calls, fake software promoted through SEO, malware distribution networks, or other vulnerabilities in the victim's external assets.

If an organization falls victim to ransomware, CISA, the FBI, and the NSA strongly discourage paying the ransom. Paying may encourage adversaries to target additional organizations, encourage other criminals to become involved in distributing ransomware, and does not guarantee that the victim's files will be recovered.

Steps that need to be taken against ransomware attacks include, among others, requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.
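One of the access routes named above is weak RDP credentials. The script below is an added example written for this article; it is not code from the article, from Bank Indonesia or from BSSN. It reviews a batch of Windows Security logon events and flags a source address that produces a burst of failed RDP logons (Event ID 4625, logon type 10) inside a sliding time window, escalating the alert when a successful RDP logon (Event ID 4624) from the same source follows the burst. The event records are constructed sample data; the field names mirror the Windows Security log, the addresses and user names are invented, and the threshold and window are assumptions a defender would tune.

```python
"""
Spotting weak-RDP-credential abuse in Windows logon events.

Added example, not from the article or from Bank Indonesia/BSSN. Every record
in SAMPLE_EVENTS is constructed: the field names mirror the Windows Security
log, the values are invented.
"""
from collections import defaultdict, deque
from datetime import datetime

EVENT_LOGON_FAILED = 4625   # Windows Security: an account failed to log on
EVENT_LOGON_OK = 4624       # Windows Security: an account was successfully logged on
RDP_LOGON_TYPE = 10         # RemoteInteractive, i.e. RDP / Terminal Services

# Constructed events: (timestamp, event_id, logon_type, source_ip, target_user)
SAMPLE_EVENTS = [
    # six failures in eleven seconds against three accounts, then a success
    ("2021-12-17T08:00:01", 4625, 10, "203.0.113.7", "admin"),
    ("2021-12-17T08:00:03", 4625, 10, "203.0.113.7", "admin"),
    ("2021-12-17T08:00:05", 4625, 10, "203.0.113.7", "administrator"),
    ("2021-12-17T08:00:08", 4625, 10, "203.0.113.7", "administrator"),
    ("2021-12-17T08:00:10", 4625, 10, "203.0.113.7", "staff01"),
    ("2021-12-17T08:00:12", 4625, 10, "203.0.113.7", "staff01"),
    ("2021-12-17T08:00:15", 4624, 10, "203.0.113.7", "staff01"),
    # one mistyped password followed by a normal logon: benign
    ("2021-12-17T08:05:00", 4625, 10, "198.51.100.23", "jdoe"),
    ("2021-12-17T08:05:20", 4624, 10, "198.51.100.23", "jdoe"),
    # slow guessing, one failure every six minutes (evades a 5-minute window)
    ("2021-12-17T09:00:00", 4625, 10, "192.0.2.55", "backup"),
    ("2021-12-17T09:06:00", 4625, 10, "192.0.2.55", "backup"),
    ("2021-12-17T09:12:00", 4625, 10, "192.0.2.55", "backup"),
    ("2021-12-17T09:18:00", 4625, 10, "192.0.2.55", "backup"),
    ("2021-12-17T09:24:00", 4625, 10, "192.0.2.55", "backup"),
    ("2021-12-17T09:30:00", 4625, 3, "192.0.2.55", "backup"),   # network logon, not RDP
]


def parse_events(rows):
    """Turn (timestamp, event_id, logon_type, source_ip, user) rows into dicts."""
    return [
        {"time": datetime.fromisoformat(ts), "event_id": eid,
         "logon_type": ltype, "source_ip": src, "user": user}
        for ts, eid, ltype, src, user in rows
    ]


def detect_rdp_bruteforce(events, threshold=5, window_minutes=5):
    """
    Return {source_ip: alert} for every source that produced `threshold` or
    more failed RDP logons inside any sliding window of `window_minutes`.
    The alert lists the accounts tried and the first successful RDP logon
    from that source after the burst, if any.
    """
    window_seconds = window_minutes * 60
    by_source = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == RDP_LOGON_TYPE:      # ignore non-RDP logons
            by_source[ev["source_ip"]].append(ev)

    alerts = {}
    for src, evs in by_source.items():
        evs.sort(key=lambda e: e["time"])
        recent = deque()        # failure timestamps inside the current window
        tripped = False
        peak = 0                # most failures seen in any one window
        users_tried = set()
        success_after = None
        for ev in evs:
            if ev["event_id"] == EVENT_LOGON_FAILED:
                recent.append(ev["time"])
                users_tried.add(ev["user"])
                # age out failures that fell outside the sliding window
                while (ev["time"] - recent[0]).total_seconds() > window_seconds:
                    recent.popleft()
                if len(recent) >= threshold:
                    tripped = True
                    peak = max(peak, len(recent))
            elif ev["event_id"] == EVENT_LOGON_OK and tripped and success_after is None:
                success_after = ev["user"]      # guessing worked: first success after burst
        if tripped:
            alerts[src] = {
                "failures_in_window": peak,
                "users_tried": sorted(users_tried),
                "success_after": success_after,
                "severity": "critical" if success_after else "high",
            }
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{alert['severity'].upper()}: {src} made {alert['failures_in_window']} "
              f"failed RDP logons against {alert['users_tried']}; "
              f"successful logon afterwards: {alert['success_after']}")
```

With the default 5-failures-in-5-minutes rule only 203.0.113.7 is flagged, and it is rated critical because a logon succeeded right after the burst. The slow guesser at 192.0.2.55 stays under the radar until the window is widened (for example `window_minutes=60`), which illustrates why a single threshold is not enough on its own: the controls the text lists, MFA on RDP and segmentation that keeps RDP off the internet edge, remove the weak-credential route rather than merely detecting it.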