Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys

Ransomware group Brain Cipher has announced that it will reveal its decrypt keys in the wake of a ransomware attack it conducted against Indonesia’s Temporary National Data Center (PDNS). German tech site Golem.de reported the news after the group posted the key, along with instructions on how to decrypt the data, on its website.

“We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists,” the group said Monday. “Our attack did not carry a political context, only a pentest [penetration test] with post payment.”

Brain Cipher even apologized to the wider Indonesian citizenry saying, “Citizens of Indonesia, we apologize for the fact that it affected everyone.” The group claims that it made this move of its own accord, with no prodding from any government agency. Nevertheless, it’s asking for public gratitude for its ‘generous’ action while simultaneously sharing a Monero address for donations.

After it released the decryption keys, Brain Cipher said, “We will wait until the second party [the Indonesian government] has officially confirmed that the key works and the data has been restored.” It will then delete its copy of the data, after verifying that Indonesia’s data centers are accessible again.

This massive ransomware attack has been a major headache for Jakarta, especially after it noticed that the two affected data centers, which house the information for over 230 public agencies, did not have backups available . The group demanded 131 billion Rupiah, or about US$8 million, to release the decryption key. However, even though the government had no backups of its data, it said that it would not pay the ransom.

Indonesia has yet to acknowledge this development or release a statement regarding the attack on its data center as of the time of writing, so we can't be certain that the decrypt keys work. After all, many ransomware attackers are known to accept payment from their victims but still refuse to release the decrypt key(s) for their data. Furthermore, this move by Brain Cipher might merely be an act of publicity for the group to gain some notoriety or donations. So, until Jakarta confirms that its data is safe and available again, we cannot believe that the decrypt key even works.