Getting to Know Brain Cipher, the Hacker Claiming Responsibility for the Attack on PDN

Kompas.com
2 Jul 2024 03:14

Summary

TLDR: A recent account on the Dark Web claiming to represent the hacker group 'Brain Cipher' announced they would provide a free decryption key for data held hostage in a ransomware attack on Indonesia’s national data center (PDNS). The ransomware attack, using a variant of LockBit 3.0, occurred on June 20, 2024. Brain Cipher apologized to the Indonesian public and advised the government to strengthen cybersecurity measures. They also warned victims not to involve authorities during negotiations, threatening to leak the stolen data if terms were violated.

Takeaways

  • 🔐 A group called Brain Cipher has claimed responsibility for a ransomware attack on Indonesia's national data center.
  • 🗓️ Brain Cipher announced they will release the decryption keys for free on July 3, 2024, after previously stating June 20, 2024.
  • 💻 The ransomware attack was executed using a variant named LockBit 3.0, suggesting a more advanced form of cyber threat.
  • 🌐 The announcement on the Dark Web was titled 'More Important Than Money: Only Honor', including a logo of Kenkomino.
  • 🚨 Brain Cipher urged the Indonesian government to improve its cybersecurity systems in response to the attack.
  • 🙏 They also apologized to the Indonesian people for the disruption caused.
  • 💬 The group set specific rules for ransom payment, including the use of the cryptocurrency Monero and no involvement of security agencies like the FBI or NSA.
  • 🚫 If the conditions are violated, Brain Cipher threatens to halt negotiations and publish the victim's data on their website.
  • 🔒 Brain Cipher's ransomware not only adds an extension to encrypted files but also encrypts the file names.
  • 💼 The group infiltrates company networks, steals admin credentials, and spreads the ransomware to lock all data, using stolen data as leverage for ransom demands.

Q & A

  • What is the significance of the 'Brain Cipher' account on the Dark Web?

    - The 'Brain Cipher' account on the Dark Web recently claimed to offer free decryption keys to unlock data from the national data center, following a ransomware attack.

  • When did the ransomware attack on the national data center (PDNS) occur?

    - The ransomware attack on PDNS occurred on June 20, 2024.

  • What is Brain Cipher, and what role did they play in the attack?

    - Brain Cipher is a hacker group suspected of being responsible for the ransomware attack on the national data center (PDNS).

  • What is the title of the announcement posted by Brain Cipher on the Dark Web?

    - The announcement is titled 'More Important Than Money, Only Honor.'

  • What is Brain Cipher's message to the Indonesian government?

    - Brain Cipher advised the Indonesian government to improve its cybersecurity systems in response to the ransomware attack.

  • Did Brain Cipher apologize to the public? If so, why?

    - Yes, Brain Cipher apologized to the Indonesian public for the disruption caused by their ransomware attack.

  • What conditions did Brain Cipher impose for the ransom payment?

    - Brain Cipher stated that ransom payments must be made via blockchain using the cryptocurrency Monero, and victims must not involve law enforcement agencies like the FBI, CSI, or NSA.

  • What could happen if Brain Cipher's ransom conditions are violated?

    - If the conditions are violated, Brain Cipher will cease negotiations and publish the victim's data on their website.

  • What type of ransomware did Brain Cipher use, and how is it unique?

    - Brain Cipher used a modified version of LockBit 3.0 ransomware, which not only encrypts files but also encrypts file names.

  • How does Brain Cipher execute its ransomware attacks?

    - Brain Cipher penetrates a company or institution's network, moves laterally to other devices, steals admin credentials, and deploys ransomware to encrypt data while stealing it to extort the victim.

Outlines

00:00

🔐 Dark Web Hacker Group Claims to Offer Free Decryption Key

Recently, an account posing as the 'Brain Cipher' hacker group emerged on the Dark Web, claiming they would release a free key to unlock the national data center’s encrypted data. They plan to release this key on Wednesday, July 3, 2024. The data center, responsible for managing government data, was attacked by ransomware on June 20, 2024. The ransomware, named 'Brain Cipher,' targeted the PDNS (Public Data National Service).

🕵️‍♂️ Who is Brain Cipher?

Brain Cipher is a hacker group believed to be responsible for the recent ransomware attack on the PDNS. In a Dark Web post titled 'More Important than Money, Only Honor,' the group issued a statement featuring their logo and apologized to the people of Indonesia for the chaos they caused. They urged the government to improve its cybersecurity measures while outlining rules for ransom payments.

💰 Ransom Payment Rules and Threats

Brain Cipher listed strict guidelines for ransom payments, insisting they be made through the Monero cryptocurrency via blockchain without involving authorities like the FBI, CSI, or NSA. Any violation of these rules would result in the cessation of negotiations and the public release of the victim's data. If negotiations succeed, the group promised to delete all stolen data from their servers.

🚨 Limited Documentation of Brain Cipher's Activities

So far, there are few documented cases of attacks by Brain Cipher. According to malware analyst Lawrence Abrams, the group is believed to have only started operating in June 2024, with Indonesia being one of its first victims. Ransomware samples attributed to Brain Cipher have been spotted on various malware sites in recent weeks.

🛠 Brain Cipher's Ransomware: A Modified Version of LockBit 3.0

The Brain Cipher ransomware is a modified version of the LockBit 3.0 ransomware, which was leaked and repurposed by other hackers. Brain Cipher made some changes to the encryption process, including encrypting file names in addition to file extensions, making recovery more difficult for victims.

🎯 Methods and Goals of Brain Cipher Attacks

Brain Cipher executes their ransomware by infiltrating an organization's network and moving laterally to other devices. They steal administrator credentials and encrypt the entire system's data. Before encrypting, they steal the company’s data, using it to blackmail victims into paying the ransom.

Keywords

💡Dark web

The Dark Web refers to a hidden part of the internet where users can remain anonymous and access websites not indexed by traditional search engines. In the video, a group claiming to represent 'Brain Cipher' posted on the Dark Web offering free decryption keys for data held hostage after a ransomware attack. This highlights the illicit use of the Dark Web for cybercriminal activities.

💡Brain Cipher

Brain Cipher is identified as a hacker group responsible for a ransomware attack on Indonesia's National Data Center (PDNS). The group is relatively new, with activity traced back to June 2024. Their ransomware operation, as described in the video, involves encrypting data and demanding ransoms from victims, marking them as a serious cybersecurity threat.

💡Ransomware

Ransomware is a type of malicious software that encrypts data on a victim’s system, making it inaccessible until a ransom is paid. In this video, Brain Cipher used ransomware called 'LockBit 3.0' to attack PDNS, encrypting sensitive data and demanding a ransom in exchange for the decryption key. This highlights the growing threat of ransomware to critical infrastructure.

💡PDNS (Pusat Data Nasional)

The PDNS, or Pusat Data Nasional, is Indonesia's National Data Center, which stores and manages government data. The video explains that PDNS was targeted by Brain Cipher in a ransomware attack, compromising the government's information security. This emphasizes the vulnerability of national infrastructure to cyberattacks.

💡Encryption

Encryption refers to the process of converting data into a coded format to prevent unauthorized access. In the video, Brain Cipher's ransomware not only encrypted files but also the names of the files, making it harder for victims to retrieve their data without paying a ransom. Encryption is central to the operation of ransomware.

💡Monero

Monero is a cryptocurrency known for its strong focus on privacy and anonymity. In the video, Brain Cipher demands ransom payments through Monero, emphasizing the group's preference for a currency that is difficult to trace, further complicating law enforcement efforts to track down the perpetrators.

💡LockBit 3.0

LockBit 3.0 is the ransomware strain used by Brain Cipher in their attack. According to the video, Brain Cipher's ransomware was based on a leaked version of LockBit 3.0, a previously known ransomware. Brain Cipher modified this version to enhance its encryption methods, demonstrating the adaptability of ransomware developers.

💡Blockchain

Blockchain is a decentralized technology often associated with cryptocurrencies like Monero. In the context of the video, Brain Cipher's demand for ransom through blockchain platforms underlines the importance of blockchain in secure, anonymous transactions, which is exploited by hackers for ransom payments.

💡Honor over money

This phrase, used by Brain Cipher in their Dark Web post, suggests that the group values 'honor' or their reputation above financial gain. While they demand a ransom, they also claim to offer a free decryption key as an 'honorable' gesture, portraying themselves as principled hackers. This could be a tactic to build credibility in future attacks.

💡Lateral movement

Lateral movement refers to the technique hackers use to spread across a network after initially breaching one system. In the video, Brain Cipher is described as using lateral movement to extend their ransomware attack throughout an organization's network, ensuring that all devices are compromised and data is locked down.

Highlights

A new account claiming to be associated with Brain Cipher has appeared on the Dark Web, offering free keys to unlock the National Data Center data.

Brain Cipher announced they would release the free decryption key on Wednesday, July 3, 2024.

On June 20, 2024, the National Data Center (PDNS) was attacked by a ransomware variant named LockBit 3.0, developed by Brain Cipher.

Brain Cipher is suspected to be responsible for the recent ransomware attack on PDNS.

The Dark Web announcement was titled 'More Important Than Money, Only Honor' and featured the Kenkomino logo.

Brain Cipher's ransomware attack led them to request the Indonesian government to enhance its cybersecurity systems.

Brain Cipher apologized to the Indonesian people for the disruption caused by their ransomware attack.

Brain Cipher outlined several rules for ransom payment, including the requirement to use the Monero cryptocurrency through blockchain platforms.

If a third party such as the FBI, CSI, or NSA is involved, Brain Cipher threatens to halt negotiations and publicly release victim data.

Brain Cipher promises to delete all uploaded data from their servers if negotiations proceed smoothly.

Ransomware samples linked to Brain Cipher have been uploaded to various malware sites in recent weeks.

Brain Cipher ransomware is based on the leaked LockBit 3.0 ransomware, which other hackers have repurposed.

Brain Cipher made minor modifications to the encryption, including encrypting both file contents and file names.

Before encrypting data, Brain Cipher hackers steal company data to use as leverage for extortion.

Brain Cipher spreads laterally across networks by stealing admin credentials, locking all data in the process.

Transcripts

00:00

[Music]

00:02

Recently, an account acting in the name of Brain Cipher appeared on the Dark Web, claiming it would give away a free key to unlock the national data center's data. Meanwhile, they announced that they would give that key away for free on Wednesday, July 3, 2024.

00:18

Earlier, on June 20, 2024, PDNS, which serves as the place for managing and storing data from government agencies, was attacked by LockBit 3.0-type ransomware named Brain Cipher. So who exactly is Brain Cipher?

00:35

Brain Cipher is a hacker group suspected of being responsible for the recent attack on PDNS. The announcement uploaded to the Dark Web was titled "more important than money only honor" and carried the kenkomino logo.

00:49

As a result of the ransomware attack they carried out, they also advised the government to improve its cyber security systems. In addition, Brain Cipher also apologized to all the people of Indonesia for the commotion they caused.

01:04

On that page, Brain Cipher also listed several rules regarding ransom payment. For example, Brain Cipher stipulated that when the ransom is paid through a blockchain platform using the Monero cryptocurrency, the victim must not involve third parties or security authorities such as the FBI, CSI, NSA and others.

01:27

If the terms are violated, Brain Cipher will stop negotiations and publish the victim's data on their website. When negotiations go well, they guarantee that all uploaded information will be deleted from their servers.

01:41

To date, not many Brain Cipher attacks have been documented. According to Lawrence Abrams, malware analyst and owner of the outlet BleepingComputer, Brain Cipher is estimated to have only begun operating last June, and Indonesia is one of its victims.

01:58

Abrams said he knew of many Brain Cipher ransomware samples uploaded to various malware sites over the past few weeks. He said Brain Cipher was built on the LockBit 3.0 ransomware program, which leaked and has been used by other hackers to create their own ransomware programs.

02:15

Brain Cipher has made a few small changes to the encryption; one of them is that the Brain Cipher ransomware not only adds an extension to encrypted files but also encrypts the file names. Brain Cipher also creates a note or warning of the attack.

02:30

When attacking, Brain Cipher breaks into the computing network of a company or institution and spreads laterally to other devices. The hacker steals admin credentials on the operating system and spreads the ransomware across the entire network to lock all data.

02:47

However, before encrypting the data, the hacker steals the company's data to use as a tool to extort the victim.

02:56

[Music]

03:10

[Music]
