Jakarta, INTI – The recent cyber attack using Brain Cipher ransomware has caused significant disruption to the National Data Center (PDNS) 2. This incident not only hindered various public services but also highlighted the importance of understanding how this ransomware works and the necessary mitigation steps to prevent similar attacks in the future.
What is Brain Cipher Ransomware?
Brain Cipher is a new variant of the LockBit 3.0 ransomware, known as one of the most dangerous types of malware. This ransomware is designed to encrypt data and files on the servers it attacks, rendering them inaccessible to the owners without a decryption key held by the hackers. After encrypting the data, the hackers typically demand a ransom in cryptocurrency in exchange for the decryption key.
How the Brain Cipher Attack Unfolded
According to preliminary forensic analysis by the National Cyber and Crypto Agency (BSSN), the Brain Cipher attack on PDNS 2 began on June 17, 2024, at 11:15 PM WIB. At that time, the Windows Defender security feature on the PDNS 2 server was disabled, allowing malicious activities to proceed undetected. These activities were first detected on June 20, 2024, at 12:54 AM WIB, when the hackers started installing malicious files, deleting crucial filesystems, and disabling active services.
"Malicious activity began on June 20, 2024, at 12:54 AM WIB, including installing malicious files, deleting important filesystems, and disabling running services. On June 20, 2024, at 12:55 AM, Windows Defender crashed and became inoperative," explained BSSN spokesperson Ariandi Putra.
Impact on Public Services
The Brain Cipher ransomware attack on PDNS 2 significantly affected 282 tenants, which include various government ministries and agencies. Among the impacted public services were immigration services, event permits from the Coordinating Ministry for Maritime Affairs and Investment (Kemenkomarves), and services from the National Public Procurement Agency (LKPP).
Deputy Minister of Communication and Information Technology, Nezar Patria, stated that the recovery team is working intensively around the clock to restore the disrupted services. So far, several key services, such as immigration services and event permits from Kemenkomarves, have gradually been restored.
Recovery Efforts
The recovery process is being carried out in several phases. In the short term, backup data from PDNS 1 and PDNS 2 is being used to restore services at a temporary Disaster Recovery Center (DRC) in Tangerang. Meanwhile, Telkom Sigma and Lintas Arta are responsible for the medium-term recovery of PDNS 2, alongside ongoing forensic analysis of the attack.
Herlan Wijanarko, Director of Network & IT Solution at PT Telkom Indonesia Tbk, explained that PDNS services are supported by two data centers located in Tangerang and Surabaya, as well as a cold backup DRC in Batam. “After the disruption at PDNS 2 Surabaya due to the Brain Cipher ransomware attack, 282 tenants were affected. Short-term recovery is being conducted by restoring services at the temporary DRC in Tangerang using available backup data,” he explained.
In the long term, a complete normalization of the PDNS 2 architecture will be carried out once all services are fully operational. These steps are expected to strengthen the security system and prevent similar attacks in the future.
Preventive and Mitigation Measures
Deputy Minister Nezar Patria emphasized that this incident serves as an important lesson for all parties to enhance digital transformation security. “We must not be defeated or deterred by this incident. Of course, we must learn a lot and create a system that closes all possibilities for similar incidents to occur again,” he stated.
Indonesia has several cybersecurity guidelines and standards issued by BSSN. However, cyber attacks continue to evolve and become more sophisticated. Therefore, it is crucial to continually update and strengthen cybersecurity protocols.
Samuel A. Pangerapan, Director General of Informatics Applications at the Ministry of Communication and Information Technology, added that every country in the world must adopt strict security protocols to protect their digital data and systems. “With the advancement of technology and the internet becoming increasingly connected worldwide, the issue of cybersecurity has become very important,” he said.
The Brain Cipher ransomware attack has significantly impacted the National Data Center (PDNS) 2 and various public services in Indonesia. However, with swift recovery measures and stringent mitigation actions, the government is working to ensure that similar incidents do not happen again in the future. Cybersecurity must be given greater priority to protect data and digital systems from increasingly complex threats.