Cyber Incident Victim: Bank Indonesia

Date: Dec 2021

Location: Indonesia

Summary

Bank Indonesia experienced a ransomware attack attributed to the Conti group, which deployed malicious software to encrypt data and threaten potential leaks of confidential information. The central bank confirmed its public services remained unaffected due to preemptive mitigation measures and recovery efforts, with no critical data breaches reported. Cybersecurity monitors identified the institution on Conti's target list, highlighting the attackers' intent to extort cryptocurrency payments. While the incident was contained to a regional office, experts emphasized the need to assess potential systemic risks given the institution's critical role in financial transactions. This followed prior cyber incidents against the bank involving different attack methods.

Description

In December 2021, Bank Indonesia experienced a ransomware attack targeting its systems. The central bank publicly confirmed the incident on January 20, 2022, through spokesperson Erwin Haryono, who stated that anticipatory measures had mitigated risks and prevented disruption to public services. Recovery operations were conducted following the attack, though specific technical details about the duration or methods of recovery were not disclosed. Indonesia's National Cyber and Crypto Agency (BSSN), cited indirectly through CNN Indonesia, reported that the attack occurred at a Bank Indonesia office on Sumatra island and confirmed no critical data was exfiltrated or leaked. The agency did not provide additional commentary to Reuters when contacted directly. Bank Indonesia emphasized continuity of its financial operations despite the breach, mirroring its response to a separate 2016 cyber incident involving distributed denial-of-service (DDoS) attacks that also resulted in no financial losses.

Cybersecurity monitoring platform DarkTracer identified Bank Indonesia on a target list published by cybercriminals deploying Conti ransomware around the time of the incident. Conti operates by encrypting victim data and demanding cryptocurrency payments for decryption keys, often escalating pressure by threatening to leak stolen confidential information. While the attackers' specific demands or payment requests to Bank Indonesia were not disclosed, the central bank maintained that transactional systems remained unaffected. Historical context revealed that this was not Bank Indonesia's first significant cyber incident, with the 2016 DDoS attacks demonstrating prior resilience against disruptive cyber operations. No evidence linked the 2021 ransomware event to earlier attacks, and authorities did not disclose whether forensic investigations identified specific threat actors or attack vectors beyond the Conti group's involvement.
