Ransomware Attack Hits Indonesian Energy Firm by Meow Group
Ransomware Attack on PT Transportasi Gas Indonesia by Meow Group
PT Transportasi Gas Indonesia (TGI), a key player in the Indonesian energy sector, has recently been targeted by the Meow ransomware group. This attack has significant implications for the company, which is integral to Indonesia's natural gas transportation infrastructure.
Company Profile and Industry Significance
Established in 2002, TGI operates as a joint venture with PT Perusahaan Gas Negara and other stakeholders. The company manages over 1,000 kilometers of gas pipelines, connecting critical regions such as Grissik to Duri and Singapore. TGI's infrastructure is vital for both domestic and international energy markets, with a delivery capacity of approximately 835 million standard cubic feet per day. The company is recognized for its commitment to operational safety, environmental stewardship, and community engagement, adhering to international standards like ISO 45001:2018.
Details of the Ransomware Attack
The Meow ransomware group has claimed responsibility for the attack on TGI, demanding a ransom of $50,000 for access to over 180 GB of sensitive data. This data reportedly includes personal employee information, client contact details, service agreements, contracts, insurance policies, financial records, and safety management procedures. The breach exposes critical insights into TGI's operations, posing a significant threat to its corporate governance and operational integrity.
About the Meow Ransomware Group
Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, primarily in the United States, but has also attacked entities in other countries. Meow employs various infection methods, including phishing emails and exploiting RDP vulnerabilities. They encrypt files using ChaCha20 and RSA-4096 algorithms, leaving a ransom note instructing victims to contact them via email or Telegram.
Potential Vulnerabilities and Penetration Methods
TGI's extensive network and critical role in energy transportation make it an attractive target for ransomware groups like Meow. The attack could have been facilitated by vulnerabilities in TGI's cybersecurity infrastructure, such as outdated software, unpatched systems, or inadequate employee training on phishing threats. The possibility that such weaknesses were exploited underscores the importance of effective cybersecurity measures in protecting vital national infrastructure.