Key points:
- Indonesia is among the countries experiencing ransomware activity and accounts for 0.49% of global incidents, which indicates a tangible risk from groups like NightSpire.
- NightSpire, a new ransomware group active since early 2025, exploits vulnerabilities like CVE-2024-55591 in FortiGate firewalls for initial access and employs a double extortion model.
- The group exhibits some operational security weaknesses, such as using Gmail for communication, but has rapidly expanded its targeting of small to medium-sized enterprises across various sectors globally.
What the Indonesian Government and Related Institutions Should Do:
- Issue specific advisories regarding the critical FortiOS vulnerability (CVE-2024-55591) and mandate timely patching for all relevant organizations in Indonesia.
- Enhance national cybersecurity awareness programs to educate Indonesian businesses, especially SMEs, about emerging ransomware threats like NightSpire and the importance of robust security practices.
What Indonesian Citizens Should Know and Do:
- Businesses should prioritize patching internet-facing devices, particularly FortiGate firewalls, and implement strong, multi-factor authentication to prevent unauthorized access.
- Individuals and organizations should exercise caution with unsolicited communications and ensure regular backups of critical data are stored offline and are not accessible from their primary network.
Read more: https://www.hendryadrian.com/threat-intelligence-report-april-8-april-14-2025-red-piranha/