The data system of Bank Indonesia (BI) was allegedly attacked using Conti ransomware by a Russian-based hacking group. Data totaling 487.09 MB was successfully breached and stolen by the hackers.
BI’s Head of Communications Department, Erwin Haryono, confirmed the case, stating that BI was affected by a cyberattack last month. However, Haryono did not specify which BI system was successfully breached.
Several Data Points Targeted by Russian Perpetrators
- The Conti website displayed 16 file folders containing various types of data, ranging from community savings positions in rupiah, commercial bank foreign exchange (forex), to receipts (bon).
- Bank Indonesia stated that this data is part of the Indonesian Economic and Financial Statistics which is publicly available and accessible on BI’s website.
- Conti is a ransomware operated by the Wizard Spider hacking group, based in Russia.
- This malware can steal or lock victim data until a ransom is paid, typically in cryptocurrency such as Bitcoin. It is currently unknown whether the hackers demanded a ransom from Bank Indonesia.
Payment System Confirmed to Remain Secure
Erwin Haryono assured that BI’s payment system remains secure and that there has been no disruption to the services provided by BI.
Following the attack, BI took several steps:
- Conducted a comprehensive assessment, recovery, audit, and mitigation of the attack.
- Ensured that BI’s operational services were uninterrupted, remained under control, and continued to support the community’s economic activities.
- Implemented several IT disruption mitigation protocols, including drafting stricter standard policies and cyber resilience measures.
- Developed stronger cybersecurity technology and infrastructure, extending even to the employee data level.
- Built cooperation and coordination with various parties to anticipate subsequent incidents.
