Ransomware group Brain Cipher has announced that it will release its decryption keys following a ransomware attack it carried out against the Indonesian Temporary National Data Center (PDNS). German tech site Golem.de reported the news after the group published the key, along with instructions on how to decrypt the data, on its website.
“We hope our attack made you understand how important it is to fund the industry and recruit qualified specialists,” the group said Monday. “Our attack had no political context, only a pentest.” [penetration test] with postal payment.
Brain Cipher even apologized to all Indonesian citizens, stating, “Citizens of Indonesia, we apologize for the fact that this has affected everyone.” The group claims to have made this decision on its own, without any solicitation from any government agency. However, it is asking for the public’s gratitude for its “generous” action while simultaneously sharing a Monero address for donations.
After releasing the decryption keys, Brain Cipher said, “We will wait for the second part [the Indonesian government] officially confirmed that the key is working and the data has been restored.” It will then delete its copy of the data, after verifying that the Indonesian data centers are accessible again.
The massive ransomware attack has been a major headache for Jakarta, especially after it was discovered that the two affected data centers, which house information for more than 230 government agencies, had no backups. The group demanded 131 billion rupiah, or about $8 million, to provide the decryption key. However, even though the government had no backups of its data, it said it would not pay the ransom.
Indonesia has yet to acknowledge this development or issue a statement regarding the attack on its data center at the time of writing, so we cannot be certain that the decryption keys work. After all, many ransomware attackers are known to accept payment from their victims but still refuse to disclose the decryption key(s) to their data. Furthermore, this move by Brain Cipher could simply be an act of publicity for the group in order to gain some notoriety or donations. So, until Jakarta confirms that its data is safe and available again, we cannot believe that the decryption key works.
