Bank Indonesia Confirms Conti Ransomware Attack; Stolen Files Leaked

Bank Indonesia (BI), the central bank of the Republic of Indonesia, confirmed a ransomware attack hit its networks last month.

During the attack, on a central bank office on the island of Sumatra, the perpetrators allegedly stole “non-critical” employee data and deployed ransomware payloads on several devices on its network, according to CNN Indonesia.

As Reuters reports, a BI representative claimed the attack was mitigated before affecting the bank’s public services. Furthermore, a spokesman for Indonesia’s National Cyber and Crypto Agency (BSSN) said the attackers didn’t manage to extract any critical data.

"We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at all," said Erwin Haryono, head of BI’s communications department.

The bank’s representatives didn’t attribute the attack to any ransomware gang. However, the Conti ransomware group claimed the attack and added the Bank Indonesia to their list of victims on a Tor leaks site, stating it stole approximately 14 GB (13.88 GB) worth of files.

Conti is a Ransomware-as-a-Service that surfaced in the threat landscape at the end of 2019 and spread mainly through TrickBot infections. Experts believe the operation is linked to Wizard Spider, a notorious Russia-based cybercrime group known for other malware strains, such as BazarLoader and Ryuk.

The gang seems to focus on high-profile corporate networks, which they compromise by targeting critical devices with BazarLoader or TrickBot malware to gain unauthorized remote access. After breaching the network, threat actors try to spread by infecting other connected devices.

By covering as much ground as possible, attackers can harvest and leak data to their C2 (Command and Control Infrastructure) before deploying ransomware payloads on the network.

The ransomware group is believed responsible for more than 500 organizations worldwide. In the past, the FBI, NSA, CISA and other authorities have issued warnings to address the increase in ransomware attacks by the Conti gang.