The improbable tale of how Indonesia got its ransomed data back

If you can't beat them, try confusing them.

Photo Credit: Unsplash/Afif Ramdhasuma. Jakarta.

If you can't beat them, confuse them - the improbable tale of how Indonesia got its ransomed data back.

  • You know that adage about crime not paying? Turns out it's really true.
  • Just ask the cyber criminals who pulled off what was probably the data centre heist of the decade.

And walked away empty-handed.

When I read the reflections of Joel Shen, everything fell into place. But first, what happened?

Ransomware attack

In July, I wrote about how Indonesia's Temporary National Data Centre (PDN) was compromised by the hacking group Brain Cipher and infected with ransomware.

  • The attackers got in via an admin account with a weak password*.
  • The attack took down multiple government services.
  • It revealed a lack of data backups.

The impact was significant, with days-long disruptions to public services. The villain, Brain Cipher, demanded a US$8M ransom for the decryption key.

*A document that circulated claimed the password was "Admin#1234".

Finger-pointing exercise

What happened next took a surreal turn.

I quote from Joel's acerbic observations:

  • A week after the hack, the President ordered a "governance and financial" (but not technical) audit of the government data centres.
  • A parliamentary commission set up to inquire about the incident concluded "If there is no backup, that's not a lack of governance, that's stupidity."
  • A director-general in the communications ministry eventually resigned "in the wake of the largest finger-pointing exercise the industry had ever seen."

In the meantime, "the hapless Brain Cipher watched in bewilderment, confused that no one in government seemed to want their data back."

From zero(es) to hero

Presumably having made no progress in discussing its ransom demand, the hacker group eventually returned the encrypted data to the Indonesian government, for free.

It even apologised to the Indonesian people for the inconvenience. But just in case, it shared details of an account to accept donations for its magnanimity.

Brain Cipher did threaten to release pilfered data (double extortion) if the government failed to publicly acknowledge its receipt of the decryption key.

Was the stolen data truly deleted? It is impossible to verify, unfortunately.

Conclusion

Indeed, life is sometimes stranger than fiction.

In the meantime, do back up your data, even if it's not kept in a data centre.

Read Joel's "Life is sometimes stranger than fiction" here.