Ransomware Group Behind Indonesian Data Center Attack Wears Many Masks

Brain Cipher made a loud entry to the ransomware scene, but it doesn't seem to be quite as sophisticated as its accomplishment would suggest.


The threat actor behind a major attack on Indonesian government services is just one manifestation of an operation going by at least three other names.

On June 20, a ransomware operation known as "Brain Cipher" bit off more than it could chew when it locked up Indonesia's national data center. Hours-long lines began to form across the world's fourth-largest country as ferry passengers waited for booking systems to come back online, and international arrivals stood frozen at passport verification kiosks. In all, more than 200 national and local government agencies were affected. Under pressure and with no promise of payment, the group abandoned its $8 million ransom demand, publishing its decryptor for free.

Researchers from Group-IB have since studied Brain Cipher and found that it's related to at least three other groups, or perhaps just operating under four different names. Together, these variously named entities have carried out attacks across the globe, but often without much consequence.

Brain Cipher's TTPs

Evidence of Brain Cipher's existence dates back only to its attack against the Indonesian government. Despite being so young, it already has spread to Israel, South Africa, the Philippines, Portugal, and Thailand. This, however, isn't necessarily proof of any degree of sophistication.

The malware it uses is based on the leaked LockBit 3.0 builder. It has also used a variant of Babuk against at least one Indonesian victim. "The use of varying encryptors allows threat actors to target multiple operating systems and environments," explains Tara Gould, threat research lead at Cado Security. "Different encryptors may be optimized for different operating systems which widens the scope of potential targets, ultimately maximizing the impact."

What its ransom notes lack in personality they make up for in clarity, with brief, step-by-step instructions on how to pay them for data recovery...

Continue reading this article on Dark Reading.


About the Authors

Nate Nelson

Contributor

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to Data Center Knowledge, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.
