In October 2023, Pelindo, an Indonesian state-owned port operator, suffered a data breach carried out by the BianLian ransomware group. The attack led to the exfiltration of 200GB of sensitive data, including SQL and ORACLE databases, source code APIs, internal technical documentation, and ICT development information. BianLian, known for shifting from file encryption to pure data extortion, exploited legal and regulatory pressures to coerce payment, threatening to leak the stolen data if its demands were not met. The breach exposed critical operational and proprietary assets, posing risks to Pelindo’s IT infrastructure and intellectual property and raising the possibility of regulatory non-compliance. Although Avast had released a decryptor earlier in 2023, BianLian remained active, targeting high-profile entities primarily in the U.S. and listing victims on its extortion portal. The incident was reported by RedPacket Security, which stated that it has no affiliation with the attackers.
TPRM report: https://www.rankiteo.com/company/pt-pelabuhan-indonesia-persero
{
  "id": "pt-849092125",
  "linkid": "pt-pelabuhan-indonesia-persero",
  "type": "Ransomware",
  "date": "10/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Port Operations / Logistics',
                        'location': 'Indonesia',
                        'name': 'PT Pelabuhan Indonesia (Persero) / Pelindo',
                        'type': 'State-Owned Enterprise'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Database files',
                                        'Source code',
                                        'Documentation (PDF/Word/other)'],
                 'sensitivity_of_data': 'High (internal technical and '
                                        'development data)',
                 'type_of_data_compromised': ['SQL databases',
                                              'ORACLE databases',
                                              'Source Code (APIs)',
                                              'Internal Technical '
                                              'Documentation',
                                              'ICT Development Information']},
 'date_detected': '2023-10',
 'date_publicly_disclosed': '2023-10',
 'description': 'In October 2023, PT Pelabuhan Indonesia (Persero), trading as '
                'Pelindo, an Indonesian state-owned port operation company, '
                'experienced a data breach attributed to the BianLian '
                'ransomware group. The breach resulted in the exfiltration of '
                '200GB of data, including SQL and ORACLE databases, source '
                'code APIs, internal technical documentation, and development '
                'information for ICT solutions. The BianLian group, which has '
                'shifted its focus from encrypting files to solely '
                'exfiltrating data for extortion, continues to operate despite '
                'Avast releasing a free decryptor in January 2023. The attack '
                'was reported by RedPacket Security.',
 'impact': {'brand_reputation_impact': 'Potential damage due to data exposure '
                                       'and association with ransomware',
            'data_compromised': '200GB (SQL databases, ORACLE databases, '
                                'source code APIs, internal technical '
                                'documentation, ICT development information)',
            'legal_liabilities': 'Potential legal and regulatory risks '
                                 'leveraged by BianLian for extortion'},
 'initial_access_broker': {'high_value_targets': ['SQL/ORACLE databases',
                                                  'Source code',
                                                  'Internal documentation']},
 'investigation_status': 'Reported by third-party (RedPacket Security)',
 'motivation': 'Extortion (Data Theft for Financial Gain)',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'BianLian'},
 'references': [{'source': 'RedPacket Security'}],
 'response': {'third_party_assistance': ['RedPacket Security (reporting only, '
                                         'not affiliated with attackers)']},
 'threat_actor': 'BianLian Ransomware Group',
 'title': 'Data Breach at PT Pelabuhan Indonesia (Pelindo) by BianLian '
          'Ransomware Group',
 'type': ['Data Breach', 'Ransomware Attack (Data Exfiltration)']}