Bank Pembangunan Daerah Banten Tbk: Victim of RansomHouse Cyber Extortion

Incident Date:

April 23, 2024

World map

Overview

Title

Bank Pembangunan Daerah Banten Tbk: Victim of RansomHouse Cyber Extortion

Victim

Bank Pembangunan Daerah Banten Tbk PT

Attacker

Ransomhouse

Location

Kota Sarang, Indonesia

, Indonesia

First Reported

April 23, 2024

RansomHouse Targets Bank Pembangunan Daerah Banten in Cyber Extortion Scheme

Attack Overview

The ransomware group RansomHouse has claimed responsibility for a cyber attack on PT Bank Pembangunan Daerah Banten Tbk (Bank Banten), a regional development bank in Indonesia. The attack involved the exfiltration of approximately 450 GB of data from the bank's systems. Initial reports indicate that sensitive information may have been leaked online.

Company Profile

Bank Banten, established in 1992, operates as a key financial institution in the Banten province, focusing primarily on micro-enterprises and small to medium enterprises (SMEs). With 829 full-time employees, the bank plays a crucial role in the regional economic development by providing financial services tailored to local needs. The bank is a subsidiary of PT Banten Global Development.

Targeting and Vulnerabilities

The choice of Bank Banten as a target by RansomHouse can be attributed to several factors. As a regional bank with significant local influence, it holds a wealth of sensitive financial data that is attractive to cybercriminals. Furthermore, the transition phases in its history, including name and ownership changes, might have introduced vulnerabilities in its cybersecurity practices, making it a more feasible target for such sophisticated attacks.

RansomHouse's Modus Operandi

RansomHouse distinguishes itself from other cybercriminal groups by not encrypting the victim's data but instead threatening to leak it unless a ransom is paid. This method of operation not only causes immediate disruption but also poses a long-term reputational risk to the victims, compelling them to comply with the ransom demands to safeguard their client's data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.