Home News Bank Indonesia Suffers Ransomware Attack, Suspects Conti Involvement

Bank Indonesia Suffers Ransomware Attack, Suspects Conti Involvement

Security experts suspect the Conti ransomware group behind the attack on Bank Indonesia.

Sardonic, BitMart

Banks and financial institutions are always on a hacker’s target list. Cybercriminals recently targeted Bank Indonesia (BI), disrupting its operations temporarily. According to a report, the central bank of the Republic of Indonesia confirmed that it had sustained a ransomware attack. However, the bank also clarified that the attack did not impact its operations or compromise any critical data, adding mitigation measures were undertaken.

“We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at all,” said Bank Indonesia’s spokesperson in a media statement.

Cybercriminals leverage ransomware to penetrate targeted network systems, infect critical files, and encrypt them, making them inaccessible to others. Threat actors often demand a ransom to decrypt the infected systems.

Conti Ransomware Suspected

While Bank Indonesia did not reveal the ransomware operators behind this attack, security experts suspect this could be from the Conti ransomware group. Conti is a Russian-speaking ransomware group that reportedly victimized more than 400 organizations worldwide, of which 290 are in the U.S. alone. Conti attackers infiltrate victim networks through phishing emails (malicious links or attachments) or stolen/cracked remote desktop protocol (RDP) credentials. These cyber actors then steal files, encrypt servers and workstations, and demand ransom.

Also Read: Cybercriminals Make Twitter a Playing Field to Target Indonesian Banks

Cyberattacks on Indonesia

Security incidents on Indonesian financial organizations have become prevalent in recent times. A cyber intelligence report from Group-IB recently found traces of an ongoing fraudulent campaign based on Twitter targeting Indonesia’s largest banks.  Cybercriminals posed as bank representatives or customer support team members on Twitter to lure and gain the trust of targeted victims. This massive campaign, which began in January 2021, ballooned 2.5-fold (from 600 in January) to a total of 1,600 fake Twitter accounts impersonating banks until early March. It is found that over seven large Indonesian financial institutions have been targeted under this campaign. The scam affected over two million Indonesian bank customers active with legitimate bank handles on Twitter.