
Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their knees

New ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers

Brain Cipher is a new ransomware group that hit a data center in Indonesia, encrypting government servers and disrupting vital services. They demanded a ransom of $8 million in Monero. The ransomware encrypts both data and file names, making recovery difficult.


A new ransomware group called Brain Cipher has recently appeared on the international scene, spreading panic among cybersecurity specialists. This group launched a devastating attack on a data center in Indonesia, putting the growing danger of cyber threats under the spotlight. Indonesia is currently developing new national data centers to optimize the management of online services for citizens and to store data securely. However, on June 20, a cyber attack hit one of these centers, encrypting government servers and disrupting various critical online services such as immigration, passport control and public event authorizations. This attack had notable consequences, disrupting the operations of over 200 government agencies and leading to a ransom demand of $8 million in Monero, with a promise not to disclose the stolen data if the ransom was paid.

Impact and ransom demands

The Indonesian government has confirmed that the ransomware attack is the work of the Brain Cipher group, which has been active since early June and is known for targeting various organizations globally. Popular security firm Broadcom released a bulletin regarding Brain Cipher on June 16, highlighting the threats posed by this new group. At first, Brain Cipher operated without a website for posting stolen data, but recent ransom demands indicate that it now has a dedicated portal. The structure of Brain Cipher ransomware is based on LockBit 3.0, but has some differences: in addition to encrypting files, the ransomware adds a specific extension and also encrypts file names. Ransom demands are documented in text files containing explanations of the event, payment instructions, and threats related to publishing the data on a Tor site.

Technical features of Brain Cipher

Based on the LockBit 3.0 builder, Brain Cipher is notable for some technical changes that further complicate the lives of IT administrators affected by ransomware. The main feature of Brain Cipher is the additional extension to encrypted files and the encryption of the file name itself, making decryption even more complex. Currently, there is no decryptor that can recover files encrypted by Brain Cipher, other than through paying the requested ransom. This poses a serious threat to affected organizations, as data recovery is closely linked to satisfying the demands of cybercriminals. Brain Cipher's approach is methodical: initial compromise of the corporate network, lateral movement within the infrastructure until administrator credentials are acquired, and finally, global data encryption.

Attack and defense strategy

The strategy used by Brain Cipher follows attack models already known in the ransomware landscape. After the initial compromise of the corporate network, the ransomware spreads laterally affecting other connected devices. The ultimate goal is to gain administrative access to the network to deploy the ransomware on a large scale. A worrying aspect of Brain Cipher is the use of double extortion: before encrypting the data, the attackers steal it, so that they can threaten the victim with the disclosure of sensitive data if the ransom is not paid. This method significantly increases the pressure on victims, forcing them to make quick and often painful decisions to safeguard the confidentiality of their data. To protect yourself from these advanced threats, it is critical to implement robust security measures, including regular backups, continuous monitoring, and staff training on cybersecurity practices.
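As an added illustration of the continuous monitoring mentioned above (example code written for this page, not taken from the Broadcom bulletin or any vendor tool): a detection heuristic for the behavior described under "Technical features", where files lose their original names and gain a new shared extension. The event format, host names, paths, thresholds and the `.x9k2` extension are all constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample rename events: (epoch_seconds, host, old_path, new_path).
# The ".x9k2" extension and every path here are made up for this example.
EVENTS = [
    (1000, "srv01", r"D:\share\budget.xlsx", r"D:\share\hT3kQz9PaLm.x9k2"),
    (1001, "srv01", r"D:\share\visa_list.docx", r"D:\share\Rw82LmQx0ZtB.x9k2"),
    (1002, "srv01", r"D:\share\scan01.pdf", r"D:\share\p0QnV7yKe3Ds.x9k2"),
    (1003, "srv01", r"D:\share\notes.txt", r"D:\share\Zk4Wc1TbN8uJ.x9k2"),
    (1004, "srv01", r"D:\share\photo.jpg", r"D:\share\mB6Xr2HsY5qF.x9k2"),
    # Benign: a user renames a document and keeps its extension.
    (1005, "srv01", r"D:\share\draft.docx", r"D:\share\final.docx"),
    # Benign: a backup job appends an extension but keeps the original name.
    (1006, "srv02", r"E:\db\app.log", r"E:\db\app.log.bak"),
    (1007, "srv02", r"E:\db\app2.log", r"E:\db\app2.log.bak"),
]

def is_name_destroying_rename(old_path, new_path):
    """True if the rename drops the original stem AND moves to a new extension."""
    old_stem, old_ext = ntpath.splitext(ntpath.basename(old_path))
    new_name = ntpath.basename(new_path)
    new_ext = ntpath.splitext(new_name)[1]
    ext_changed = bool(new_ext) and new_ext.lower() != old_ext.lower()
    stem_lost = old_stem.lower() not in new_name.lower()
    return ext_changed and stem_lost

def detect_bursts(events, window=60, min_files=5, min_orig_exts=3):
    """Return {(host, new_ext): peak_count} for bursts of such renames."""
    buckets = defaultdict(list)
    for ts, host, old, new in events:
        if is_name_destroying_rename(old, new):
            new_ext = ntpath.splitext(new)[1].lower()
            old_ext = ntpath.splitext(old)[1].lower()
            buckets[(host, new_ext)].append((ts, old_ext))
    alerts = {}
    for key, hits in buckets.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window
                start += 1
            in_window = hits[start:end + 1]
            # Many files of unrelated types converging on one new extension.
            if (len(in_window) >= min_files
                    and len({e for _, e in in_window}) >= min_orig_exts):
                alerts[key] = max(alerts.get(key, 0), len(in_window))
    return alerts
```

Requiring several different original file types in the same burst is what separates this pattern from a backup or conversion job, which usually touches one file type and keeps the original name.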


07/01/2024 19:32

Marco Verro
