Data And Employees Of BSI Shared On The Dark Web By LockBit Ransomware Gang

Bank Syariah Indonesia was attacked by ransomware. All services were shut down.

 


An international data breach affecting one of Indonesia's leading Islamic banks, Bank Syariah Indonesia, caused significant disruptions to its normal operations and payment systems, which in turn hampered the business flow. Customers' personal and financial details have been compromised due to this breach.

The infamous ransomware group LockBit claims to have spread 1.5 TB of data belonging to the customers and employees of Bank Syariah Indonesia on dark web sites. Millions of BSI customers' identity data was leaked by the LockBit gang. The gang did not receive the demanded ransom in time, which led to the leak.

Over the past few years, companies and government agencies have had several data breaches in Indonesia. A cybersecurity expert described it as one of the biggest breaches at a financial institution in the country. 

During the Bank Syariah Indonesia cyberattack, the ransomware group requested the termination of all services. The management of the company lied to their customers and partners that the stoppage was a result of the technical work they were carrying out. 

Earlier today, it was reported in a post on a Twitter account named @darktracer_int that LockBit 3.0 was distributing 1.5 TB of BSI bank data on dark sites at a fantastic price.

CNN Indonesia reports the attackers stole "non-critical data" belonging to Bank Indonesia employees during the incident. They then used ransomware payloads to infect several dozen systems within the bank's network before extorting money from the bank. 

According to the bank, there have been no reported impacts on BI's public services due to the incident, as first reported by Reuters. 

"BI is aware of a ransomware hack last month. We know we have been hit by a cyberattack. This is a crime, it is real, and we are exposed to it," Erwin Haryono, head of BI's communications department, told local media outlets.

Following Bank Syariah Indonesia's cyberattack on 15 May, ransom payments were due by this date. As a result of the ransomware attack on Bank BSI, the group had access to the following data: 

Over 15 million individual records in nine databases containing personal information, covering both customers and employees.

Names, phone numbers, addresses, account data, card details, and transaction details.

Legal documents.

Passwords needed to access all of the bank's internal and external services.

In a statement released on Wednesday, the central bank of Indonesia said it is confident that the country's payment system is safe and reliable for any transaction. 

Additionally, the authorities stated that they would continue to ensure that payment service providers meet all regulatory requirements in the future. BSI's payment system (under Bank Indonesia's supervision) has also returned to normal. 

BSI President and Chief Executive Officer Henry Gunardi announced on May 11 that ATMs and bank branches are now available to the public again. According to him, an important part of the restoration process was strengthening capacity and restoring key channels of communication. A BSI official explained that the disruption occurred on May 8 as a result of company maintenance on the company's information technology system. This maintenance was conducted to mitigate risks. 

A previous version of the ransomware group's communication with bank representatives between the dates of May 8 and May 13 had been published as well. As can be seen in the screenshots, the bank offered a payment of $10 million to get the stolen data back. After requesting $20 million from LockBit, the company disappeared without a trace.

Earlier this month it was reported that the LockBit ransomware group sent a tweet announcing the end of the negotiation period, and all of the stolen data from Bank Syariah Indonesia is now publicly available on the black market. 

A month after being taken down, Bank BSI has not been able to return its systems to a functioning state. This is even after LockBit wrote a rant. A class action lawsuit is being filed as a result of users finding their data in the data leak and taking the case to court.

Although Bank Indonesia has not stated which ransomware gang was responsible for the attack, Conti today posted a series of files that it claims were stolen from Bank Indonesia's network, which it claims helped expose the attack.

The ransomware group claims that if Bank Indonesia does not pay the ransom to them, 13.88 GB of information will be exposed to the public. 

As of earlier today, when BleepingComputer contacted a representative of Bank Indonesia, he did not have any comments to offer. It's imperative to remember that this type of Ransomware-as-a-Service (RaaS) is linked to the Russian cybercriminal group Wizard Spider, which is also responsible for other notorious malware, such as Ryuk, TrickBot, and BazarLoader. 

Once corporate workstations are infected with BazarLoader or TrickBot malware and breached by the ransomware group's affiliates, the affiliates gain remote control of the compromised computers using command and control systems. As soon as the Conti operators gain access to the victim's internal network, they disrupt other devices scattered throughout the victim's network, spreading the malware.

In addition to Ireland's Department of Health (DoH) and Health Service Executive (HSE), Conti has also attacked marketers RR Donnelly (RRD), who sell services to the government.

There has also been a recent update to the FBI's advisory, warning that an increased number of Conti ransomware attacks have been reported.