The Reversal of the Brain Cipher Group after the Attack on Indonesia Terkoneksi

Pietro Melillo : 3 July 2024 15:44

In recent days, the ransomware group known as Brain Cipher severely hit the data center of Indonesia Terkoneksi, an attack that crippled the company’s technological infrastructure. However, in a surprising turnaround, the group decided to release the decryption keys for free. Here are the details of this complex and controversial incident.

Indonesia Terkoneksi

Indonesia Terkoneksi is an initiative by the Indonesian government through the Ministry of Communication and Informatics (Kominfo), aimed at improving and expanding the digital infrastructure throughout the country. The goal is to ensure a stable and accessible internet connection even in the most remote and disadvantaged areas of the country, contributing to Indonesia’s digital transformation.

The First Post: Justifying the Attack

The first post published by the Brain Cipher group on their deep web site aimed to answer the most frequent questions regarding the attack and the decision to provide the decryption keys for free. Here are the main points:

• Autonomous Decision: The group emphasized that the decision to release the keys was not influenced by interventions from law enforcement or special services but was made independently.
• Team Unity: Contrary to what one might think, there were no misunderstandings within the team; all members supported this decision.
• Unique Event: This will be the first and last time a victim receives the keys for free. For all future attacks, victims will have to negotiate.
• Attack Motivations: The attack targeted a data center to demonstrate the vulnerability of industries requiring significant investments. Brain Cipher stated that the ease with which they carried out the attack was surprising, managing to encrypt thousands of terabytes of data in a short time.
• Negotiation Deadlock: The negotiations reached a deadlock when the other party handed over access to third parties, effectively ending direct communications.
• Thanks to Citizens: Brain Cipher expressed gratitude to the citizens for their patience during the attack period.
• Conclusion: The group requested the victim to officially confirm that the decryption key works and that the data has been restored, threatening to publish the data otherwise. They also provided detailed instructions on how to use the decryption key.

The Second Post: Public Statement

Vuoi diventare un esperto del Dark Web e della Cyber Threat Intelligence (CTI)?
Stiamo per avviare il corso intermedio in modalità "Live Class", previsto per febbraio.
A differenza dei corsi in e-learning, disponibili online sulla nostra piattaforma con lezioni pre-registrate, i corsi in Live Class offrono un’esperienza formativa interattiva e coinvolgente.
Condotti dal professor Pietro Melillo, le lezioni si svolgono online in tempo reale, permettendo ai partecipanti di interagire direttamente con il docente e approfondire i contenuti in modo personalizzato. Questi corsi, ideali per aziende, consentono di sviluppare competenze mirate, affrontare casi pratici e personalizzare il percorso formativo in base alle esigenze specifiche del team, garantendo un apprendimento efficace e immediatamente applicabile.
Non perdere i nostri corsi e scrivi subito su WhatsApp al numero
379 163 8765  per richiedere informazioni "

Supporta RHC attraverso:

• L'acquisto del fumetto sul Cybersecurity Awareness
• Ascoltando i nostri Podcast
• Seguendo RHC su WhatsApp
• Seguendo RHC su Telegram
• Scarica gratuitamente "Dark Mirror", il report sul ransomware di Dark Lab

Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

In the second post, Brain Cipher further clarified their position and announced the decision to release the keys for free:

• Public Statement: The group declared that they would release the keys at no cost the following Wednesday, hoping that the attack had demonstrated the importance of adequately funding the tech industry and hiring qualified personnel.
• Apologies to Citizens: They publicly apologized to Indonesian citizens for the impact of the attack, emphasizing that it had no political context but was a penetration test with post-payment.
• Request for Gratitude: They requested public gratitude and confirmation that the decision was made consciously and independently. If the government finds it inappropriate to publicly thank the hackers, they can do so privately.
• Donations: They left a Monero address for potential donations, hoping to receive something in return for the key provided for free.

Final Considerations

The attack by Brain Cipher on Indonesia Terkoneksi and the subsequent free release of the decryption keys represent an extraordinary event in the world of ransomware. Although the group tried to justify their actions as a way to highlight the need for greater investments and skills in the tech industry, their motivations and the context of the attack remain questionable.

The tech industry and governments worldwide must learn from this incident, improving their cyber defenses and taking the threats posed by ransomware groups seriously.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"