Ransomware Attack Hits Indonesian Payment Giant Jatelindo

Incident Date: September 14, 2024

Overview

Victim: Jatelindo
Attacker: Stormous
Location: Jakarta, Indonesia
First Reported: September 14, 2024

Ransomware Attack on PT Jatelindo Perkasa Abadi by Stormous Group

PT Jatelindo Perkasa Abadi, a leading Indonesian company specializing in electronic billing and payment solutions, has recently fallen victim to a ransomware attack orchestrated by the Stormous group. The cybercriminals claim to have exfiltrated and published sensitive data on their dark web portal, potentially compromising the company's operational integrity.

About PT Jatelindo Perkasa Abadi

Established in 2004, PT Jatelindo Perkasa Abadi operates as a Biller Aggregator, connecting various billing providers and financial institutions to facilitate seamless transactions across different sectors. The company is known for its Electronic Billing Presentation and Payment System (EBPP), which allows users to manage billing and payment activities electronically. Jatelindo also developed Narobil, a platform aimed at assisting informal sectors in managing billing processes. The company processes over 700 million transactions annually, with a gross transaction value of approximately IDR 74 trillion (around USD 5 billion).

Attack Overview

The ransomware attack on Jatelindo was claimed by the Stormous group, a ransomware gang known for its politically motivated operations and double extortion tactics. The group has a history of targeting Western nations and companies, often aligning its attacks with geopolitical tensions. In this instance, Stormous claims to have exfiltrated and published Jatelindo's data, which could include sensitive information related to its electronic payment systems and client transactions.

About Stormous Ransomware Group

Stormous emerged in early 2022, gaining notoriety for its support of Russia during the conflict with Ukraine. The group employs double extortion tactics, encrypting data and threatening to leak it if the ransom is not paid. Stormous operates through an underground website and communicates via Telegram, often targeting companies whose data has already been leaked by other hackers. This practice raises questions about the legitimacy of the group's claims and its actual capability to execute sophisticated cyber operations.

Potential Vulnerabilities

Jatelindo's extensive operations and significant transaction volume make it an attractive target for ransomware groups like Stormous. The company's reliance on electronic payment systems and the sensitive nature of the data it handles could have made it vulnerable to such attacks. While Jatelindo emphasizes security and compliance with Indonesian regulations, the evolving tactics of ransomware groups necessitate continuous vigilance and advanced cybersecurity measures.
