LockBit Leaks 1.5TB of Data Stolen From Indonesia’s BSI Bank

The LockBit ransomware group on Tuesday published 1.5 terabytes of personal and financial information the group said it stole from Bank Syariah Indonesia after ransom negotiations broke down.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

The group said the records include the personal and financial information of about 15 million customers and employees of the country’s largest Islamic bank.

The state-owned bank came into existence in 2021 through the merger of three other nationalized banks. BSI operates more than 1,100 branches to serve nearly 18 million customers.

Bank Indonesia, the country’s central bank, said on Thursday that under its supervision, BSI restored its real-time gross settlement, national clearing system, and Bank Indonesia Fast Payment services.

BSI President and CEO Hery Gunardi on May 11 said ATMs and bank branch services were again available and it was carrying out “capacity building” to restore core banking and critical channels. Gunardi said the disruptions occurred on May 8 due to BSI carrying out “risk mitigation in the company’s IT system by carrying out maintenance.”

The bank found indications of a cyberattack and “switched off several channels to ensure system security” he said.

LockBit responded that the bank had “brazenly lied to their customers and partners, reporting some kind of ‘technical work’ being carried out at the bank” when, in fact, its cyberattack had led to the disruptions.

The ransomware group on Tuesday also published details of its conversations with bank representatives between May 8 and May 13.

The screenshots reveal that the bank floated the possibility of paying $10 million to recover the stolen data. LockBit demanded $20 million before going silent.

Indonesian Vice President Ma’ruf Amin said Monday that the BSI incident was a bad experience for the public, and he asked the bank to improve its technology to prevent further attacks.