Getting to Know Brain Cipher, the Hackers Who Claim Responsibility for the Attack on the PDN
Summary
TLDR: A recent account on the Dark Web claiming to represent the hacker group 'Brain Cipher' announced they would provide a free decryption key for data held hostage in a ransomware attack on Indonesia's national data center (PDNS). The ransomware attack, using a variant of LockBit 3.0, occurred on June 20, 2024. Brain Cipher apologized to the Indonesian public and advised the government to strengthen cybersecurity measures. They also warned victims not to involve authorities during negotiations, threatening to leak the stolen data if terms were violated.
Takeaways
- A group called Brain Cipher has claimed responsibility for a ransomware attack on Indonesia's national data center.
- Brain Cipher announced they will release the decryption keys for free on July 3, 2024, after previously stating June 20, 2024.
- The ransomware attack was executed using a variant named LockBit 3.0, suggesting a more advanced form of cyber threat.
- The announcement on the Dark Web was titled 'More Important Than Money: Only Honor', including a logo of Kenkomino.
- Brain Cipher urged the Indonesian government to improve its cybersecurity systems in response to the attack.
- They also apologized to the Indonesian people for the disruption caused.
- The group set specific rules for ransom payment, including the use of cryptocurrency Monero and no involvement of security agencies like the FBI or NSA.
- If the conditions are violated, Brain Cipher threatens to halt negotiations and publish the victim's data on their website.
- Brain Cipher's ransomware not only adds an extension to encrypted files but also encrypts the file names.
- The group infiltrates company networks, steals admin credentials, and spreads the ransomware to lock all data, using stolen data as leverage for ransom demands.
Q & A
What is the significance of the 'Brain Cipher' account on the Dark Web?
- The 'Brain Cipher' account on the Dark Web recently claimed to offer free decryption keys to unlock data from the national data center, following a ransomware attack.
When did the ransomware attack on the national data center (PDNS) occur?
- The ransomware attack on PDNS occurred on June 20, 2024.
What is Brain Cipher, and what role did they play in the attack?
- Brain Cipher is a hacker group suspected of being responsible for the ransomware attack on the national data center (PDNS).
What is the title of the announcement posted by Brain Cipher on the Dark Web?
- The announcement is titled 'More Important Than Money, Only Honor.'
What is Brain Cipher's message to the Indonesian government?
- Brain Cipher advised the Indonesian government to improve its cybersecurity systems in response to the ransomware attack.
Did Brain Cipher apologize to the public? If so, why?
- Yes, Brain Cipher apologized to the Indonesian public for the disruption caused by their ransomware attack.
What conditions did Brain Cipher impose for the ransom payment?
- Brain Cipher stated that ransom payments must be made via blockchain using the cryptocurrency Monero, and victims must not involve law enforcement agencies like the FBI, CSI, or NSA.
What could happen if Brain Cipher's ransom conditions are violated?
- If the conditions are violated, Brain Cipher will cease negotiations and publish the victim's data on their website.
What type of ransomware did Brain Cipher use, and how is it unique?
- Brain Cipher used a modified version of LockBit 3.0 ransomware, which not only encrypts files but also encrypts file names.
How does Brain Cipher execute its ransomware attacks?
- Brain Cipher penetrates a company or institution's network, moves laterally to other devices, steals admin credentials, and deploys ransomware to encrypt data while stealing it to extort the victim.
Outlines
Dark Web Hacker Group Claims to Offer Free Decryption Key
Recently, an account posing as the 'Brain Cipher' hacker group emerged on the Dark Web, claiming they would release a free key to unlock the national data center's encrypted data. They plan to release this key on Wednesday, July 3, 2024. The data center, responsible for managing government data, was attacked by ransomware on June 20, 2024. The ransomware, named 'Brain Cipher,' targeted the PDNS (Public Data National Service).
Who is Brain Cipher?
Brain Cipher is a hacker group believed to be responsible for the recent ransomware attack on the PDNS. In a Dark Web post titled 'More Important than Money, Only Honor,' the group issued a statement featuring their logo and apologized to the people of Indonesia for the chaos they caused. They urged the government to improve its cybersecurity measures while outlining rules for ransom payments.
Ransom Payment Rules and Threats
Brain Cipher listed strict guidelines for ransom payments, insisting they be made through the Monero cryptocurrency via blockchain without involving authorities like the FBI, CSI, or NSA. Any violation of these rules would result in the cessation of negotiations and the public release of the victim's data. If negotiations succeed, the group promised to delete all stolen data from their servers.
Limited Documentation of Brain Cipher's Activities
So far, there are few documented cases of attacks by Brain Cipher. According to malware analyst Lawrence Abrams, the group is believed to have only started operating in June 2024, with Indonesia being one of its first victims. Ransomware samples attributed to Brain Cipher have been spotted on various malware sites in recent weeks.
Brain Cipher's Ransomware: A Modified Version of LockBit 3.0
The Brain Cipher ransomware is a modified version of the LockBit 3.0 ransomware, which was leaked and repurposed by other hackers. Brain Cipher made some changes to the encryption process, including encrypting file names in addition to file extensions, making recovery more difficult for victims.
Methods and Goals of Brain Cipher Attacks
Brain Cipher executes their ransomware by infiltrating an organization's network and moving laterally to other devices. They steal administrator credentials and encrypt the entire system's data. Before encrypting, they steal the company's data, using it to blackmail victims into paying the ransom.
Keywords
- Dark web
- Brain Cipher
- Ransomware
- PDNS (Pusat Data Nasional)
- Encryption
- Monero
- LockBit 3.0
- Blockchain
- Honor over money
- Lateral movement
Highlights
A new account claiming to be associated with the Brain Cipher brand has appeared on the Dark Web, offering free keys to unlock the National Data Center data.
Brain Cipher announced they would release the free decryption key on Wednesday, July 3, 2024.
On June 20, 2024, the National Data Center (PDNS) was attacked by a ransomware variant named LockBit 3.0, developed by Brain Cipher.
Brain Cipher is suspected to be responsible for the recent ransomware attack on PDNS.
The Dark Web announcement was titled 'More Important Than Money, Only Honor' and featured the Kenkomino logo.
Brain Cipher's ransomware attack led them to request the Indonesian government to enhance its cybersecurity systems.
Brain Cipher apologized to the Indonesian people for the disruption caused by their ransomware attack.
Brain Cipher outlined several rules for ransom payment, including the requirement to use the Monero cryptocurrency through blockchain platforms.
If a third party such as FBI, CSI, or NSA is involved, Brain Cipher threatens to halt negotiations and publicly release victim data.
Brain Cipher promises to delete all uploaded data from their servers if negotiations proceed smoothly.
Ransomware samples linked to Brain Cipher have been uploaded to various malware sites in recent weeks.
Brain Cipher ransomware is based on the leaked LockBit 3.0 ransomware, which other hackers have repurposed.
Brain Cipher made minor modifications to the encryption, including encrypting both file contents and file names.
Before encrypting data, Brain Cipher hackers steal company data to use as leverage for extortion.
Brain Cipher spreads laterally across networks by stealing admin credentials, locking all data in the process.
Transcripts
[Music]
Recently, an account claiming to act on behalf of Brain Cipher appeared on the Dark Web, claiming it would provide a free key to unlock the National Data Center's data. They announced that they would hand over the key for free on Wednesday, July 3, 2024. Earlier, on June 20, 2024, the PDNS, which serves as the place where data from government agencies is managed and stored, was attacked by a LockBit 3.0-type ransomware named Brain Cipher. So who exactly is Brain Cipher?
Brain Cipher is a hacker group suspected of being responsible for the recent attack on the PDNS. The announcement posted on the Dark Web was titled "More important than money, only honor" and carried the Kenkomino logo. Following the ransomware attack they carried out, they also urged the government to improve its cybersecurity systems. In addition, Brain Cipher apologized to all the people of Indonesia for the commotion they caused.
On that page, Brain Cipher also listed several rules regarding ransom payment. For example, Brain Cipher stipulates that when the ransom is paid through a blockchain platform using the Monero cryptocurrency, the victim must not involve third parties or security authorities such as the FBI, CSI, NSA and others. If the terms are violated, Brain Cipher will stop negotiations and publish the victim's data on their website. When negotiations go well, they guarantee that all uploaded information will be deleted from their servers.
To date, not many Brain Cipher attacks have been documented. According to Lawrence Abrams, malware analyst and owner of the media outlet BleepingComputer, Brain Cipher is estimated to have only begun operating last June, and Indonesia became one of its victims. Abrams said he knows of many Brain Cipher ransomware samples uploaded to various malware sites over the past few weeks. He said Brain Cipher was built on the LockBit 3.0 ransomware program, which was leaked and has been used by other hackers to build their own ransomware programs. Brain Cipher has made several small changes to the encryption; one of them is that the Brain Cipher ransomware not only appends an extension to encrypted files but also encrypts the file names. Brain Cipher also creates a note or warning about the attack.
When attacking, Brain Cipher breaks into the computing network of a company or institution and spreads laterally to other devices. The hackers steal admin credentials on the operating system and spread the ransomware across the whole network to lock all data. However, before encrypting the data, the hackers steal the company's data to use as a tool to extort the victim.
[Music]
[Music]