Brain Cipher Ransomware Attack Reveals Critical Gaps in National Cybersecurity
- DOI
- 10.2991/978-2-38476-589-8_15
- Keywords
- Ransomware attack; Digital forensics analysis; National cybersecurity; Critical infrastructure security; Brain Cipher ransomware
- Abstract
General Background: Cyberattacks targeting critical digital infrastructure pose significant threats to national security, public services, and digital sovereignty. Specific Background: The June 2024 Brain Cipher ransomware attack on Indonesia’s National Data Center (PDNS 2) in Surabaya, executed using a LockBit 3.0 variant, disrupted over 200 public services and exposed systemic vulnerabilities. Knowledge Gap: Despite the scale of the incident, there is limited integrated analysis combining technical reconstruction, impact assessment, and strategic cybersecurity lessons from this attack. Aims: This study aims to provide a comprehensive technical analysis, evaluate the impact, and derive national cybersecurity lessons from the Brain Cipher ransomware incident. Results: Using a qualitative case study with a Digital Forensics Review (DFR) approach, the analysis confirms that 282 government institutions were affected, disrupting essential services such as immigration and taxation. The attack exploited remote access points for data encryption, while emergency recovery relied on AWS migration and Batam-based backups, revealing external dependencies. Novelty: This study offers an integrated examination of a large-scale ransomware incident by combining forensic reconstruction, impact evaluation, and policy-oriented cybersecurity insights. Implications: The findings emphasize the need for geographically redundant infrastructure, automated failover testing, behavior-based detection systems (EDR/XDR), and the institutionalization of security culture to strengthen national cyber resilience and safeguard digital sovereignty.
- Copyright
- © 2026 The Author(s)
- Open Access
- Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY - CONF
AU - Yoyok Darmanto
AU - Rahmat Rian Hidayat
AU - Ardian Setio Utomo
PY - 2026
DA - 2026/06/18
TI - Brain Cipher Ransomware Attack Reveals Critical Gaps in National Cybersecurity
BT - Proceedings of the 1st International Conference on Communication and Digital Multimedia 2025 (ICCDM 2025)
PB - Atlantis Press
SP - 175
EP - 189
SN - 2352-5398
UR - https://doi.org/10.2991/978-2-38476-589-8_15
DO - 10.2991/978-2-38476-589-8_15
ID - Darmanto2026
ER -