Bank Indonesia, the central bank of Indonesia, has confirmed that its networks were hit by a ransomware attack last month.
According to CNN Indonesia, the attackers were able to access the non-critical data of Bank Indonesia’s staff members before launching ransomware attacks on its various systems. However, a bank spokesperson said the attack was later mitigated before impacting BI’s public services.
“We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at all,” the head of BI’s communications department, Erwin Haryono, said.
“BI is aware of a ransomware hack last month. We are aware that we have been hit by a cyber attack. This is a crime, it is real, and we are exposed to it,” Haryono added according to local media.
Bank Indonesia claimed that the attack was carried out by an unknown group of criminals who stole some files from the bank’s network. Even though BI did not attribute the attack to a specific actor, Conti ransomware gang claimed the attack yesterday and leaked some files allegedly stolen from Bank Indonesia’s network.
The ransomware group demanded Bank Indonesia to pay a ransom for not releasing some 13.88 GB worth of documents.
The attack was carried out through a ransomware-as-a-service (RaaS) operation run by Conti, part of a larger Russian cybercrime group known as Wizard Spider. The group’s affiliates carried out the attack by infecting corporate devices with the aforementioned malware.
Conti is known for targeting high-profile organizations such as the Irish Department of Health, a marketing giant RR Donnelly (RRD), and the Health Service Executive.
After breaching the victim’s network, the attackers can then extract data and distribute the ransom payloads across the victim’s network.