A new ransomware operation known as Brain Cipher has emerged and is targeting organizations worldwide. The group attracted significant media attention after an attack on Indonesia's temporary National Data Center.
Impact on Indonesia’s National Data Center
Indonesia is building National Data Centers to host government servers used for online services and data storage. On June 20, 2024, a cyberattack on one of the temporary centers encrypted government servers, disrupting critical services such as immigration, passport control, and event permit issuance. More than 200 government agencies were affected, causing significant operational disruption.
Brain Cipher Ransomware
Brain Cipher is a new entrant in the ransomware landscape and has been attacking organizations worldwide. The gang initially operated without a data leak site, but its recent ransom notes link to one, indicating a shift to double-extortion tactics. In the Indonesian attack the operators demanded $8 million, payable in Monero, for a decryptor and for withholding the allegedly stolen data.
The ransomware (sample1, sample2, sample3) is built with the leaked LockBit 3.0 builder, with only minor modifications. Ransom notes follow the LockBit 3.0 convention of [extension].README.txt, where [extension] is the suffix appended to each encrypted file. Each note gives a brief description of the attack, the threats made, and links to the Tor negotiation and data leak sites.
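As an added example (not code from the article or from any vendor analysis), the following Python script shows how an incident responder can use the naming convention described above to triage a file share: it locates notes named [extension].README.txt, counts files that carry the same extension, and pulls any Tor addresses out of the note body. The directory layout, the nine-character extension token, the note text and the .onion addresses are all constructed for the example.

```python
import os
import re
import tempfile
from pathlib import Path

# Ransom notes following the LockBit 3.0 convention "<extension>.README.txt".
# The allowed token length is an assumption (LockBit 3.0 builds normally use a
# random alphanumeric extension); widen it if a sample uses something else.
NOTE_RE = re.compile(r"^(?P<ext>[A-Za-z0-9]{5,16})\.README\.txt$")
# v3 onion addresses are 56 base32 characters; allow shorter for robustness.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\S*", re.IGNORECASE)


def find_ransom_notes(root):
    """Return a list of (note_path, extension) for every note matching the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = NOTE_RE.match(name)
            if m:
                hits.append((Path(dirpath) / name, m.group("ext")))
    return hits


def count_encrypted_files(root, ext):
    """Count files under root whose final suffix is the extension named by a note."""
    suffix = "." + ext
    return sum(
        1 for _d, _s, files in os.walk(root) for name in files if name.endswith(suffix)
    )


def extract_onion_urls(note_path):
    """Pull Tor negotiation / leak-site URLs out of a note body."""
    text = Path(note_path).read_text(errors="replace")
    return sorted(set(ONION_RE.findall(text)))


def triage(root):
    """Correlate each note's extension with encrypted files and collected Tor URLs."""
    report = {}
    for note_path, ext in find_ransom_notes(root):
        entry = report.setdefault(ext, {"notes": [], "encrypted_files": 0, "onion_urls": set()})
        entry["notes"].append(str(note_path))
        entry["onion_urls"].update(extract_onion_urls(note_path))
    for ext, entry in report.items():
        entry["encrypted_files"] = count_encrypted_files(root, ext)
        entry["onion_urls"] = sorted(entry["onion_urls"])
    return report


def build_sample_tree():
    """Constructed sample share: two directories, each with a note and encrypted files.

    Nothing here is a real artefact; the extension and addresses are made up.
    """
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    ext = "aB3xY9zQw"  # constructed nine-character token
    note = (
        "Your files are encrypted. Contact us to negotiate.\n"
        "Chat: http://exampleneg" + "a" * 46 + ".onion/chat\n"
        "Leak site: http://exampleleak" + "b" * 45 + ".onion\n"
    )
    for sub in ("finance", "hr"):
        d = root / sub
        d.mkdir()
        (d / f"{ext}.README.txt").write_text(note)
        for i in range(3):
            (d / f"report{i}.xlsx.{ext}").write_bytes(os.urandom(32))
    (root / "hr" / "untouched.txt").write_text("plain file, not encrypted\n")
    return root, ext


if __name__ == "__main__":
    sample_root, _ = build_sample_tree()
    for extension, info in triage(sample_root).items():
        print(f"extension .{extension}: {len(info['notes'])} notes, "
              f"{info['encrypted_files']} encrypted files")
        for url in info["onion_urls"]:
            print("  contact:", url)
```

Because each LockBit 3.0 build uses its own extension, tying every note to the files that share that extension is what lets a responder tell one campaign apart from another on a shared volume, and the extracted .onion addresses are the indicators worth matching against the known Brain Cipher negotiation and leak sites.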
New Data Leak Site
Like other ransomware operations, Brain Cipher breaches corporate networks, moves laterally, and exfiltrates corporate data before encrypting files. The stolen data is then used as leverage: victims are threatened with public release if the ransom is not paid. The operation recently launched a new data leak site, which at the time of writing lists no victims.
The encryptor is based on the thoroughly analyzed LockBit 3.0 encryptor. Unless Brain Cipher has made significant changes to the encryption scheme, there is no known way to recover files without the attackers' private key, so no free decryptor is available.
Stay informed about the latest cybersecurity threats and learn how to protect your organization from ransomware attacks with Boyang.