lockbit2 attacks PT. Medco Energi Internasional

Incident Date:

June 14, 2022

World map



lockbit2 attacks PT. Medco Energi Internasional


PT. Medco Energi Internasional




South Jakarta, Indonesia

Senayan, Indonesia

First Reported

June 14, 2022

Ransomware Attack Targets PT Medco Energi Internasional

Overview of the Incident

PT Medco Energi Internasional, a prominent energy company in Indonesia, has fallen victim to a ransomware attack orchestrated by the Lockbit2 group. This incident was disclosed on the group's dark web leak site, highlighting the ongoing cybersecurity threats faced by entities in the Energy, Utilities & Waste sector.

Company Profile

As a key figure in the Indonesian energy landscape, MedcoEnergi boasts a market capitalization of IDR 39.2 trillion (approximately USD 2.6 billion) and manages a daily production rate of 160 million barrels of oil equivalent per day (mboepd). The company has achieved its 2023 objectives across various operational dimensions, including oil and gas production, power sales, unit costs, capital expenditure, and debt reduction.

Notable operational achievements include acquiring a 20% interest in Oman's producing Block 60 and exploration Block 48, signing new Gas Sales Agreements for the Corridor and Natuna Block B Production Sharing Contracts (PSCs), and initiating the 25MWp East Bali Solar Photovoltaic (PV) project.

Potential Vulnerabilities

MedcoEnergi's significant market presence and reliance on digital systems for operational and communication purposes may heighten its risk of being targeted by cybercriminals. These factors, combined with the company's strategic importance in the energy sector, underscore the potential vulnerabilities that could be exploited in such ransomware attacks.

Implications for the Energy Sector

The ransomware attack on PT Medco Energi Internasional serves as a stark reminder of the persistent cybercrime threats facing the energy sector. It underscores the critical need for companies within this industry to adopt and maintain comprehensive cybersecurity measures to safeguard their operations and sensitive data against cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.