Some important tips for starting a business safe from ransomware threats

The Conti ransomware gang managed to breach the cyber security system of Bank Indonesia (BI) some time ago. The group stole non-critical data of BI employees. Cyber security expert Pratama Persadha of CISSReC says the hackers behind the BI breach are the most dangerous cyber group in the world. In carrying out its attacks, this group of hackers is acknowledged never to have failed.

"The attack was carried out by the Conti Ransomware hacker group, which is one of the most dangerous ransomware hacker groups in the world, and has a "good" reputation. So if you publish something, it is definitely valid because its reputation is at stake," said Pratama Persadha.

The series of cases of cyber attacks that have occurred in Indonesia in recent times should be a strong warning for institutions and companies to further enhance their cyber security. The attack on Bank Indonesia was the third to occur in early 2022, following the case of the Ministry of Health and its subsidiary Pertamina. According to Pratama Persadha, cyber attacks that hit Indonesia have entered the red alert or dangerous stage.

1. Attack analysis

The hack that hit BI attacked 16 computers with ransomware, and this ransomware could have come from anywhere. Pratama Persadha explained the need for digital forensics to find out exactly where the ransomware infiltrated the computer.

"It could be through phishing practices, weak login credentials, or because employees access office systems with unsafe networks and equipment," said Pratama Persadha.

Ransomware that infiltrates a computer network can infect files and spread to all connected servers, so data on other devices that are still on the same network can also be affected.

2. Financial institutions become targets

The trend of cyber attacks using ransomware continues to increase every year. This happens because almost all employment sectors are digitized, especially banking. Digitization helps work become more efficient, but it also has a downside: it opens institutions up to cyber attacks.

"Banks and financial institutions including BI will become targets of cyber attacks that are quite open in the coming years. Therefore, cyber security enhancements must be carried out by the state and the private sector," said Pratama Persadha.

3. Cyber attack mode

Cyber-attack modes can vary, from extortion leading to ransoms to foreign espionage programs. If the attack is aimed at ransom, the data or files that are attacked will be encrypted so that they cannot be opened by the data owner. Victims then inevitably have to pay a certain amount of money to get access to the data.

"If the victim does not pay the requested ransom, then the data and system will be damaged and the system cannot run so the organization's services will stop. Because data files are expensive and important, so surely the institution will not want to pay a ransom if it is hit by a ransomware attack," concluded Pratama Persadha.

4. Recognize dangerous ransomware

What is ransomware and how can it hack into the data of a company or institution? Ransomware was first discovered on the computer of Eddy Willems, who worked for an insurance company in Belgium in 1989. The ransomware appeared after Willems inserted a floppy disk, or diskette, into his computer. Willems' boss had asked him to check what was on it. The diskette was one of 20,000 sent by post to participants at the World Health Organization's AIDS conference in Stockholm. When he inserted the diskette, Willems expected to see medical research. Instead, he fell victim to the first act of ransomware. A few days after he inserted the diskette, Willems' computer was locked and a message appeared demanding that he send US$189 in an envelope to a PO Box in Panama.

"I didn't pay the ransom or lose data because I found a way to turn the situation around," Willems said.

He was one of the lucky ones, because some people did fall victim and suffer losses. After the incident, Willems said he started getting calls from medical institutions and organizations. They asked how Willems had tackled the ransomware. The ransomware attack made headlines and appeared in Virus Bulletin, a security magazine for cyber professionals.

"Despite the clever and very cunning conception, the program is actually fairly untidy," according to an analysis in the magazine.

Nevertheless, the crime was the world's first digital blackmail. It is not clear whether any person or organization paid the ransom. Law enforcement eventually traced the address asking for the ransom, and it turned out to belong to a Harvard-educated biologist named Joseph Popp, who was doing AIDS research at the time. Joseph was eventually arrested and charged with multiple counts of racketeering, and is to a large extent regarded as the inventor of ransomware.

"Even to this day, no one really knows why he did this," said Willems.

Willems suspected someone else was involved besides Popp. The reason, he said, was that sending out the floppy disks containing the ransomware required large amounts of money. In addition, several reports indicate Popp had been rejected by the WHO for employment opportunities. After his arrest at Amsterdam's Schiphol Airport, Popp was sent back to the United States and imprisoned. He allegedly informed authorities that he planned to donate the ransom money to AIDS research. Security experts believe ransomware attacks against companies and individuals will continue to grow because they are easy to execute and difficult to track, and victims can be exploited for large sums of money.

5. A safe way of doing business from ransomware threats

Kaspersky experts have some important tips for restarting a business safe from ransomware threats. Here are tips for what to do before, during, and after a ransomware attack:

1. Before the ransomware attack

First, business people should always keep fresh backup copies of their files so they can replace them if data is ever lost, and store the data not only on physical media but also in cloud storage. Second, provide education to workers. Explain to employees that following simple rules can help companies avoid ransomware incidents. Create employee and operational control policies covering aspects of network management and facilities, including regulation of password updates, incident handling, access control rules, and protecting sensitive data. Third, provide layered security for everything. Fourth, keep everything updated: it is very important to install all security updates as soon as they become available. Always keep the operating system and software up to date to eliminate vulnerabilities.

2. During and after a ransomware attack

First, unblock the computer and remove all the malware. If the user's computer is blocked, it will not be able to load the operating system. Users can use free utilities like Kaspersky Windows Unlocker, which can remove blockers and help Windows boot up. Second, never pay, and report immediately. Ransomware attacks are a crime. Do not pay the perpetrator the amount demanded in exchange for returning the data. If a user is a victim, they should report it to local law enforcement agencies. Third, get the data back. If the user has a backup copy of the data, they can easily restore files from the backup. However, if no backup has been made, users can try decrypting the files by using special utilities called decryptors. Make sure to download this program from a reputable and trusted website. Otherwise, the user is at high risk of being infected by some other malware. Fourth, always involve experts. If a decryptor is not available online, immediately contact a trusted cybersecurity vendor to check if they have a decryption tool for the ransomware that has attacked.
