LockBit hits Indonesian bank BSI with a ransomware attack

May 16, 2023
LockBit Ransomware Gang Indonesia Banking BSI Bank Syariah Indonesia Ransomware Cyberattack

On May 8, 2023, the operations of an Indonesian banking firm, BSI (Bank Syariah Indonesia), were disrupted by a security incident that forced its ATM and bank office transaction services to go offline. Several experts claim that this incident was orchestrated by ransomware actors, especially how the banking firm’s backup system had malfunctioned during the issue. 

Following headlines about the BSI security incident, the notorious LockBit ransomware gang took it to their leak site to claim the attack. In LockBit’s post, they claimed to have obtained 1.5TB of data from the Indonesian banking firm, which consisted of nine databases of the bank’s employees and over 15 million customers. 

Some information stored on the alleged stolen databases are customers’ full names, phone numbers, addresses, sensitive proprietary documentation, account numbers, card numbers, NDAs, transaction histories, contracts, and passwords. 

 

BSI was given until May 15 as a deadline to pay LockBit’s ransom demands. 

 

As the deadline for LockBit’s ransom demand on the Indonesian banking firm approached, they published another post on their leak site. The post stated recommendations to BSI’s customers about discontinuing to use of the bank’s services since it is purportedly untruthful to them about the real cause of the incident. 

Moreover, the ransomware group said they have yet to disclose the vulnerability they found within the BSI system, keeping it to themselves for an alleged post-exploitation plan. 

The ending of the negotiation period also entailed the leakage of the alleged stolen data from the Indonesian bank taken during the data breach. According to LockBit, all data they have claimed to have obtained from BSI is now available online. 

Based on the analysis of the leaked databases, an index of BSI’s files consisting of numerous critical data has been available for download, although it is still unverified whether they are legitimate. The affected Indonesian bank has yet to release comments about this development, deeming LockBit’s claims unconfirmed. 

BSI’s official website is working normally as of this article. Our iZOOlogic security team will continue to be on the lookout for developments about this issue and share updates as they arise. 

While the data leak is yet to be verified, all BSI customers are strongly advised to remain vigilant of cyberattacks from malicious actors and ensure the safety of their online accounts that may be involved in the leak. 

About the author

Leave a Reply