Ransomware Specialist Hacker Claims to Be the Mastermind behind BSI Down and Threatens to Share Customer Data
All services of PT Bank Syariah Indonesia Tbk (BSI) experienced errors for four days, from 8 to 11 May 2023. Even though service has gradually recovered, the problem prevented customers from making transactions at branch offices, ATMs, and even BSI Mobile.
BSI initially attributed the service interruption to system maintenance. After several days without recovery, BUMN Minister Erick Thohir acknowledged that there had been an attack on the BSI system, but did not specify what type of attack occurred.
A number of parties and experts believe that the cyber attack that hit BSI is a type of ransomware. Ransomware is malware that hackers use to threaten and demand ransom from victims.
Ransomware gets into victims' devices through various means, such as fake e-mail links, instant messages, or websites. Ransomware can lock computers and encrypt predefined important files with passwords.
On Saturday (13/5/2023) morning, Dark Tracer (@darktracer_int), a dark web intelligence and investigation platform active on Twitter, revealed that the ransomware group “LockBit 3.0” claimed to have carried out an attack on the BSI service system, causing the disruption.
“The LockBit ransomware group has claimed responsibility for service disruptions at Bank Syariah Indonesia (BSI). (They) stated that it (the disturbance) was the result of their attack,” wrote Dark Tracer.
In the image uploaded by Dark Tracer, the hacker claims to have stolen around 1.5 TB (terabytes) of data in the bank's system.
"Bank management has no better reason than to lie to customers and partners of the company, namely to report that there is some kind of "technical problem" that is being done by the bank," explained the hackers.
There were at least five types of stolen data: 9 databases containing data on 15 million customers and employees (cellphone numbers, addresses, names, document information, bank balances, card numbers, transactions made, etc.), financial documents, legal documents, NDAs (bank employment contracts/non-disclosure agreements), and passwords for all internal and external services in the bank.
Apart from listing what data had been stolen, the hackers also threatened to leak customer data. The hackers asked BSI to contact them within 72 hours to resolve the issue. If not, customer data will be at stake.
"For all customers and corporate partners who have experienced data theft. If Bank Syariah Indonesia respects the company's reputation, customers and partners, they will contact us and your (data) will not be threatened," the hacker threatened.
"If not, we recommend that you stop working with this company," the message concluded.
— Fusion Intelligence Center @ DarkTracer (@darktracer_int) May 12, 2023
BSI claims customer data is safe
Even though BSI found that its system was experiencing a cyber attack, BSI Director Hery Gunardi claimed that all customer data and funds remain safe. The company is said to be mitigating all possibilities to ensure the security of customer data.
"We as customer financial managers certainly ensure customers and stakeholders that customer data and funds are in good condition and safe at BSI," explained Hery at a conference at Wisma Mandiri Thamrin, Jakarta, Thursday (11/5/2023).
The company is currently evaluating and temporarily switching off a number of its services. BSI also continues to coordinate with a number of parties, such as the Financial Services Authority (OJK), Bank Indonesia (BI), shareholders and other parties.
"Regarding the alleged existence of cyber attacks, basically further evidence is needed through audits and digital forensics," added Hery.
Hery also ensured that BSI would continue to improve cyber security, while the