Conti Cyberattack Reported via Bank Indonesia

The Conti ransomware group claimed responsibility for the attack and listed Bank Indonesia among its victims, claiming to have stolen about 14 GB of data.

 

The Indonesian central bank was hit by ransomware, but the threat was mitigated and the attack had no impact on the country's essential services. According to the bank, the situation was contained before it could affect BI's essential services, as Reuters initially reported.

"Last month, BI was informed of a ransomware attack. The bank was targeted by a cyber-attack. This is a true crime, the bank had witnessed," said Erwin Haryono, spokesman for Bank Indonesia. 

According to CNN Indonesia, the criminals allegedly took "non-critical" staff data and planted ransomware payloads on multiple computers on the bank's network during the attack on a central bank branch on the island of Sumatra. While Bank Indonesia didn't disclose who was behind the ransomware assault, security experts believe it was perpetrated by the Conti ransomware gang. 

Conti is a Russian-speaking ransomware cell that has infected over 400 companies globally, including 290 in the United States alone. Phishing emails (with malicious URLs or attachments) and stolen or cracked Windows Remote Desktop Protocol (RDP) credentials are the primary attack vectors Conti attackers use to access victim networks.

The group appears to target high-profile company networks, which it infiltrates by using BazarLoader or TrickBot malware to gain unauthorized remote access to crucial devices. After compromising the network, the threat actors try to spread the infection to additional connected devices. The cybercriminals then steal records, encrypt servers and desktops, and demand a ransom payment.

The Conti ransomware group claimed responsibility for the attack and listed Bank Indonesia among its victims on a Tor leaks site, claiming to have stolen about 14 GB (13.88 GB) of data.

Cybercriminals use ransomware to infiltrate selected network operations, infect critical data, and encrypt systems, rendering them unavailable to others. The threat actors then demand a ransom to decrypt the infected systems. If the victim continues to resist, they can threaten to expose secret information in order to put more pressure on the individual or organization.

Bank Indonesia should analyze the severity of the attack, according to Miftah Fadhli, a cybersecurity specialist at the NGO Institute of Policy Research and Advocacy (ELSAM), because it might "carry a major danger" and affect its transactions.