Indonesia’s national data center has been the victim of a cyber-attack by a hacker group demanding a ransom of $8 million, which the government has resolutely refused to pay.
According to Samuel Abrijani Pangerapan, director general of information applications at the Ministry of Communications and Informatics, the cyber attack has disrupted more than 200 government agencies nationwide and regionally since last Thursday.
While some government services, such as immigration services at airports, have been restored, efforts to resume operations of other services, such as investment licensing, remain unaffected, Pangerapan told reporters on Monday.
Herlan Wijanarko, director of network and IT solutions at PT Telkom Indonesia, explained that the attackers held the data as a hostage and offered a decryption key in exchange for an $8 million ransom. He mentioned that the company is working with domestic and international authorities to investigate the breach and break the encryption.
Minister of Communications and Information Technology Budi Arie Setiadi confirmed that the government would not meet the ransom demands. “We have tried our best to recover while the National Cyber and Cryptography Agency is currently conducting a forensic investigation,” Setiadi added.
Hinsa Siburian, head of the National Cyber and Cryptography Agency, revealed that they had identified samples of the Lockbit 3.0 ransomware.
Pratama Persadha, chairman of the Indonesian Institute for Cybersecurity Research, called the cyberattack the most serious in a series of ransomware incidents targeting Indonesian government agencies and companies since 2017. “The disruption to the national data center and the extended recovery time indicate that this ransomware attack was extraordinary,” Persadha said. “It highlights weaknesses in our cyber infrastructure and server systems management.”
Persadha said the impact of the ransomware attack could have been mitigated if the government had robust backup systems capable of automatically taking over control from the central server during a cyber attack.
Indonesia has seen ransomware attacks, including an attack on its central bank as early as 2022, but it did not affect public services. In 2021, the Ministry of Health’s COVID-19 application was hacked, exposing the personal data and health status of 1.3 million people.
Last year, Dark Tracer, a news platform monitoring malicious activity in cyberspace, reported that the LockBit ransomware group claimed to have stolen 1.5 terabytes of data from Bank Syariah Indonesia, the country’s largest Islamic bank. Therefore, our government must defend itself against such attacks; we don’t know when they will strike again.
