Jakarta, Indonesia Sentinel — Bank Rakyat Indonesia (BRI) has been targeted in a ransomware attack by the group known as Bashe, with hackers threatening to release stolen data unless their demands are met. The cyber attack, reportedly happening on December 18, 2024, has drawn attention after Falcon Feeds, a digital security intelligence platform, revealed that Bashe gave BRI a deadline of four days, until December 23, to comply with their ransom request. Should BRI fail to meet the demands, the hackers plan to release the stolen data and sell it on the dark web.
In a statement made by Falcon Feeds on December 19, they clarified that while they did not confirm the validity of Bashe’s claims, the group has published samples of the stolen data to support their threats. Falcon Feeds also provided background on Bashe, identifying the group as also known as APT73 or Eraleig, and noting that they emerged in April 2024. It is believed that Bashe is a splinter group of the notorious LockBit ransomware, known for its attack on the Surabaya National Data Center in 2024. This connection is drawn from the similarities in the group’s tactics, techniques, and infrastructure.
Despite the threats from the hackers, BRI has denied that any ransomware attack has affected their systems. Arga M. Nugraha, BRI’s Director of Digital and IT, addressed concerns on December 19, emphasizing that the bank has conducted an in-depth assessment and found no evidence of a ransomware breach.
“We have conducted a thorough assessment and found no ransomware threat to our systems. Further assessments show that the data displayed is not from BRI’s systems,” said Arga in an official statement.
Arga assured customers that all banking services are operating normally. This includes online banking via BRImo, mobile banking apps like Qlola, and ATM/CRM services. BRI also reiterated that their information technology security systems meet international standards and are regularly updated to protect against evolving digital threats.
“We continue to ensure that all services and systems at BRI are functioning normally, and we are committed to maintaining the security of our customers’ data,” added Arga.
Sritex Group Declared Bankrupt After Supreme Court Rejects Appeal
Cybersecurity expert Alfons Tanujaya from Vaksincom commented that the public release of the names of attacked institutions often signifies a breakdown in negotiations between ransomware groups and their victims, suggesting that the victim may have failed to respond or refused to pay the ransom.
BRI has also emphasized that the safety and security of its customers are its top priority. In response to the threat, the bank is continuously monitoring its systems and has reassured customers that no personal or financial data has been compromised.
As of now, BRI remains confident that their systems are secure, and the bank has taken proactive steps to prevent further cyber threats from affecting their operations.
(Becky)