Brain Cipher Ransomware Attack

Description

What is the attack?

A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. Threat actors encrypted government data, which disrupted digital services for immigration, airport checks, and several public services. The ransomware used in this attack is a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems.

What is the recommended Mitigation?

Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training across the organization about the risk of phishing and social engineering attacks.

What FortiGuard Coverage is available?

  • FortiGuard Labs has AV signatures to block all the known malware variants used by the ransomware group.

  • Behavior-based detection through FortiSandbox detects new and unknown ransomware samples.

  • FortiEDR can mitigate the risk associated with the execution and subsequent behavior of Brain Cipher ransomware.
    For more information, please see the link to the Fortinet community site added to the Appendix.

  • The Web filtering service blocks all the known IoCs related to the campaign.

  • These IoCs are available for threat hunting through FortiAnalyzer, FortiSIEM, and FortiSOAR.