Heaptalk, Jakarta — The National Cyber and Encryption Agency (BSSN) has revealed that Brain Cipher ransomware disrupted the temporary National Data Center server. The incident affected the operations of 210 government institutions, including immigration services at Soekarno-Hatta International Airport.
“This ransomware is the latest development of Lockbit 3.0 ransomware. This ransomware has been continuously developed, and this is the latest version based on the sample we analyzed during the forensic examination by BSSN,” stated Hinsa Siburian, Head of BSSN, during a press conference in Jakarta (06/24).
Hinsa further explained that the disruption of the government cloud computing services began with the deactivation of the Windows Defender security feature on June 17, 2024, at 23:15 Western Indonesia Time, which allowed malicious activities to proceed.
Deleting critical filesystems
Following this, malicious activities were detected on June 20, 2024, at 00:54 Western Indonesia Time, including the installation of malicious files, the deletion of critical filesystems, and the deactivation of running services. Files related to storage, such as VSS, Hyper-V Volume, VirtualDisk, and Veeam vPower NFS, began to be disabled and crashed. Hinsa noted, “It was found that on June 20, 2024, at 00:55 Western Indonesia Time, Windows Defender crashed and could not operate.”
Currently, BSSN is coordinating with the Ministry of Communication and Informatics (Kominfo), Cyber Crime Police, and the Telkom-Sigma-Lintasarta joint operation team to comprehensively investigate the forensic evidence obtained. However, the team faces challenges due to limited digital evidence, as the Brain Cipher ransomware attack encrypted it.
As of Monday, June 24, 2024, at 07:00 Western Indonesia Time, the affected immigration services have resumed normal operations, including visa and residence permit services, immigration checkpoint services, passport services, visa-on-arrival services, onboarding services, and immigration document management services.