RansomHouse Targets Bank Pembangunan Daerah Banten in Cyber Extortion Scheme

Attack Overview

The ransomware group RansomHouse has claimed responsibility for a cyber attack on PT Bank Pembangunan Daerah Banten Tbk (Bank Banten), a regional development bank in Indonesia. The attack involved the exfiltration of approximately 450 GB of data from the bank's systems. Initial reports indicate that sensitive information may have been leaked online.

Company Profile

Bank Banten, established in 1992, operates as a key financial institution in the Banten province, focusing primarily on micro-enterprises and small to medium enterprises (SMEs). With 829 full-time employees, the bank plays a crucial role in the regional economic development by providing financial services tailored to local needs. The bank is a subsidiary of PT Banten Global Development.

Targeting and Vulnerabilities

The choice of Bank Banten as a target by RansomHouse can be attributed to several factors. As a regional bank with significant local influence, it holds a wealth of sensitive financial data that is attractive to cybercriminals. Furthermore, the transition phases in its history, including name and ownership changes, might have introduced vulnerabilities in its cybersecurity practices, making it a more feasible target for such sophisticated attacks.

RansomHouse's Modus Operandi

RansomHouse distinguishes itself from other cybercriminal groups by not encrypting the victim's data but instead threatening to leak it unless a ransom is paid. This method of operation not only causes immediate disruption but also poses a long-term reputational risk to the victims, compelling them to comply with the ransom demands to safeguard their client's data.

Sources

• ZoomInfo: Bank Pembangunan Daerah Banten Tbk PT
• ThreatDown: Threat Profile - RansomHouse Makes Extortion Work Without Ransomware
• Cyberint: RansomHouse
• SciLabs Blog: Threat Profile - RansomHouse