YOGYAKARTA - The National Cyber and Crypto Agency (BSSN) said that the PDNS 2 hack in Surabaya had been detected as far back as January 17, 2024. The attack began with attempts to deactivate the Windows Defender security system. So what is Windows Defender and how does it work?

After the Windows Defender antivirus was disabled, the PDN system was broken into three days later. PDNS 2 experienced disruption from June 20, resulting in several public services being paralyzed. One of the services disrupted by this hack was Immigration.

"Malicious activities began on June 20, 2024 at 00.54 WIB, including installing malicious files, deleting important system files, and disabling ongoing services," said Ariandi, quoted from a press release from the Ministry of Communication and Information (Kominfo), Tuesday, June 25.

The deactivation of Windows Defender allowed malicious activity to proceed: breaking in, causing damage, and leaking personal data. It is therefore important to understand what Windows Defender is and what role it plays in a data security system.

Windows Defender is software that protects against malware. It is antivirus or security software from Microsoft that is included for free if you buy another Microsoft license, such as Microsoft 365.

Since Windows 8, Windows Defender has been pre-installed as part of the system. This software serves to identify and remove viruses, spyware, and other malicious software (malware).

In the latest generation, namely Windows 10 and Windows 8, Windows Defender is available by default. That way this software can be used without having to be activated first.

Windows Defender is quite sensitive to anything new that arrives on the system. In some cases, it is reported that installing or running certain applications becomes difficult because Windows Defender rejects the application as a virus.

BSSN reported that the Windows Defender system crashed and could not operate on June 20, 2024 at 05.00 WIB. Based on the results of preliminary forensic analysis, BSSN found that the files that were disabled included VSS, VirtualDisk, Hyper-V Volume, and Veeam vPower NFS.

So far, BSSN is still trying to recover the system by migrating data on the server. BSSN said it had managed to trace the source of the attack to a ransomware file called Brain Cipher Ransomware.

"Currently, the BSSN team is still in the process of making a thorough investigation of the forensic evidence obtained, with all the limitations of the digital evidence due to its encrypted condition resulting from the ransomware attack," said BSSN spokesman Ariandi Putra.

After identifying Brain Cipher Ransomware as the source of the attack, BSSN is still in the process of carrying out a thorough investigation. Further analysis will be carried out involving other cybersecurity entities. BSSN said that this step is very important both as a lesson learned and as a mitigation effort so that similar incidents do not occur.

The Brain Cipher virus is a mutation of the LockBit 3.0 ransomware. Brain Cipher is classified as a new ransomware in the hacking world.

"This [hacker] group appears to have carried out multiple extortion - infiltrating sensitive data and encrypting it. The victims were given encryption IDs for use on the group's Onion website to contact them," Symantec said on their official website.

That concludes this review of what Windows Defender is and its function in a security system. Windows Defender is antivirus software that can protect computer systems from malware. Also read about what the PDN server currently affected by the hack is.

Stay up to date with the latest domestic and other overseas news on VOI. We present the latest and updated information nationally and internationally.
