Incident: Bank Indonesia Hit by Ransomware Attack, Public Services Unaffected.

Published Date: 2022-01-20

Postmortem Analysis
Timeline:
1. The software failure incident at Bank Indonesia happened last month, as reported on January 20, 2022 [Article 123301]. Therefore, the incident occurred in December 2021.

System:
1. Ransomware attack on Bank Indonesia's central bank systems [Article 123301]
2. Malicious software 'Conti' used by cybercriminals to target Bank Indonesia [Article 123301]

Responsible Organization:
1. Cybercriminals using the malicious software 'Conti' were responsible for the ransomware attack on Bank Indonesia [Article 123301].

Impacted Organization:
1. Bank Indonesia [Article 123301]
2. Indonesia's central bank [Article 123301]

Software Causes:
1. Ransomware attack using malicious software dubbed 'Conti' targeted Bank Indonesia [123301].
2. Potential encryption of victims' data by the ransomware, leading to threats of leaking confidential data [123301].
3. Previous cyber attacks on Bank Indonesia in 2016, mainly DDoS attempts, indicating a history of vulnerability to cyber threats [123301].

Non-software Causes:
1. The attack was carried out by ransomware, which is a type of malware that encrypts victims' data and demands payment in return for decryption keys [Article 123301].
2. The cyber attack on Bank Indonesia was attributed to cybercriminals using malicious software called 'Conti' [Article 123301].
3. The attack involved the threat of leaking confidential data if the victim did not comply with the hackers' demands for cryptocurrency payments [Article 123301].

Impacts:
1. The ransomware attack on Bank Indonesia did not disrupt its public services, as stated by the central bank's spokesperson Erwin Haryono [Article 123301].
2. No critical data was leaked during the attack, according to a BSSN spokesman [Article 123301].
3. The cybercriminals behind the attack used malicious software called 'Conti' to target Bank Indonesia [Article 123301].
4. The ransom software used in the attack encrypted victims' data and demanded cryptocurrency payments [Article 123301].
5. Cybersecurity expert Miftah Fadhli highlighted the need for Bank Indonesia to investigate the severity of the attack, as it could have a significant impact on its transactions [Article 123301].

Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and network monitoring to detect and prevent ransomware attacks [Article 123301].
2. Ensuring all software and systems are regularly updated with the latest security patches to address known vulnerabilities [Article 123301].
3. Providing comprehensive cybersecurity training to employees to recognize and respond to potential cyber threats effectively [Article 123301].

Fixes:
1. Enhancing cybersecurity measures and protocols to prevent future ransomware attacks [123301].
2. Conducting a thorough investigation to assess the severity of the attack and its potential impact on transactions [123301].

References:
1. Bank Indonesia spokesperson Erwin Haryono [Article 123301]
2. BSSN (Indonesia's cyber agency) [Article 123301]
3. CNN Indonesia [Article 123301]
4. DarkTracer [Article 123301]
5. Miftah Fadhli, cybersecurity expert at the NGO Institute of Policy Research and Advocacy (ELSAM) [Article 123301]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization | (a) The software failure incident has happened again at one_organization: The article mentions that in 2016, Bank Indonesia was among several central banks hit by cyber attacks, although officials stated that no money was lost. The attacks in 2016 were mainly Distributed Denial of Service (DDoS) attempts [Article 123301]. (b) The software failure incident has happened again at multiple_organization: There is no specific mention in the article about similar incidents happening at other organizations.
Phase (Design/Operation) | design, unknown | (a) The software failure incident related to the design phase: The incident at Bank Indonesia was a ransomware attack that targeted the central bank's systems. The attack was attributed to malicious software called 'Conti', which encrypted victims' data. This incident highlights a failure in the design phase, where vulnerabilities in the system's design or security protocols allowed cybercriminals to exploit the system [123301]. (b) The software failure incident related to the operation phase: The article does not provide specific information about the failure being due to factors introduced by the operation or misuse of the system. Therefore, it is unknown if the incident at Bank Indonesia was directly related to the operation phase.
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident at Bank Indonesia was due to a ransomware attack, specifically by malicious software dubbed 'Conti', as reported by DarkTracer [123301]. The attack encrypted victims' data, and the hackers demanded cryptocurrency payments in return for a decryption key. This indicates that the failure originated from within the system, as the ransomware infiltrated the bank's network and affected its data. (b) outside_system: The article does not provide explicit information indicating that the contributing factors of the software failure incident originated from outside the system.
Nature (Human/Non-human) | non-human_actions | (a) The software failure incident at Bank Indonesia was due to non-human actions, specifically a ransomware attack by cybercriminals using malicious software dubbed 'Conti' [123301]. The attack encrypted victims' data, and the hackers demanded cryptocurrency payments in return for a decryption key. Additionally, the attack did not involve any human participation in introducing the contributing factors that led to the failure.
Dimension (Hardware/Software) | software | (a) The software failure incident at Bank Indonesia was due to a ransomware attack, specifically by malicious software dubbed 'Conti', as reported by DarkTracer [123301]. This attack originated from external cybercriminals targeting the bank's systems. (b) The ransomware attack on Bank Indonesia was a result of a software failure, where the malicious software encrypted victims' data and demanded cryptocurrency payments in return for decryption keys. This software failure was not caused by internal software bugs or faults but rather by external malicious actors exploiting vulnerabilities in the bank's systems.
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident at Bank Indonesia was malicious in nature. The incident involved a ransomware attack, where the central bank was targeted by cybercriminals using malicious software dubbed 'Conti'. The ransomware works by encrypting victims' data and demanding cryptocurrency payments in return for a decryption key. Additionally, hackers threatened to leak confidential data if the victim resisted, indicating malicious intent to harm the organization [123301].
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident at Bank Indonesia was due to poor decisions made by cybercriminals using malicious software dubbed 'Conti' to launch a ransomware attack. The attackers encrypted victims' data and demanded cryptocurrency payments in return for a decryption key. If the victims resisted, the hackers threatened to leak confidential data to increase pressure on the organization [123301].
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident at Bank Indonesia was not attributed to development incompetence. The incident was described as a ransomware attack, where cybercriminals used malicious software called 'Conti' to target the central bank [123301]. (b) The software failure incident was accidental in nature, as it was a result of being attacked by ransomware. The attack was not planned by the bank itself but was carried out by external cybercriminals [123301].
Duration | temporary | The software failure incident at Bank Indonesia due to ransomware was temporary in nature. The incident occurred last month, but the risk from the attack had been mitigated, and it did not affect the public services of the bank. Recovery operations were conducted, and the spokesperson mentioned that public services were not disrupted at all [Article 123301].
Behaviour | value, other | (a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [123301]. (b) omission: The incident does not mention the software failing due to omitting to perform its intended functions at an instance [123301]. (c) timing: The incident does not indicate the software failing due to performing its intended functions correctly but too late or too early [123301]. (d) value: The software failure incident involves the system being attacked by ransomware, which could lead to the system performing its intended functions incorrectly, such as encrypting data and potentially leaking confidential information [123301]. (e) byzantine: The incident does not explicitly mention the software behaving erroneously with inconsistent responses and interactions, which would align with a byzantine failure [123301]. (f) other: The software failure incident involves ransomware attacking Bank Indonesia's central bank, which could lead to various other behaviors such as data encryption, threats of data leaks, and potential financial risks [123301].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident at Bank Indonesia involved a ransomware attack by cybercriminals using malicious software called 'Conti'. Ransomware works by encrypting victims' data, and hackers typically demand cryptocurrency payments in exchange for a decryption key. If the victim resists, hackers can threaten to leak confidential data, putting pressure on the organization or individual [123301].
Domain | finance | (a) The failed system was intended to support the finance industry. The software failure incident occurred at Bank Indonesia, the central bank of the country, which was attacked by ransomware [123301]. The incident involved the encryption of data and threats to leak confidential information in exchange for cryptocurrency payments, indicating a cyber attack aimed at financial institutions. Additionally, the attack did not disrupt public services provided by the bank, highlighting the focus on financial operations [123301].
