A cyberattack has hit the national data center of Indonesia. Hackers demanded a ransom of $8 million, which the government refused to pay. Over 200 government agencies are affected, and some services, like immigration, are slowly resuming.
Passengers arrive at Juanda Surabaya international airport in Sidoarjo, East Java on April 6, 2024, as people go to their hometowns ahead of the Eid al-Fitr holiday which marks the end of the Islamic holy month of Ramadan. (Photo : JUNI KRISWANTO/AFP PHOTO/AFP via Getty Images)
Response of Indonesia to the Cyberattack
Indonesia's national data center fell victim to a cyberattack last Thursday, with hackers demanding an $8 million ransom that the government has firmly declined to pay, the Associated Press reported.
According to Samuel Abrijani Pangerapan, the director general of informatics applications with the Communications and Informatics Ministry, the attack severely disrupted services across more than 200 government agencies at both national and regional levels.
While some government services, like immigration at airports, have resumed, efforts are still ongoing to restore full functionality, particularly for services like investment licensing.
According to Hinsa Siburian, the head of Indonesia's Cyber and Crypto Agency, the agency has detected instances of the Lockbit 3.0 ransomware.
PT Telkom Indonesia's director of network & IT solutions, Herlan Wijanarko, confirmed that the attackers have encrypted data and proposed a decryption key in exchange for the ransom, although specifics were not disclosed.
Wijanarko noted that the company is working with domestic and international authorities to investigate and decrypt the encrypted data to restore access.
Minister of Communication and Informatics Budi Arie Setiadi said the government remained firm in its decision not to comply with the ransom demand. Setiadi noted that efforts are ongoing to restore operations while the National Cyber and Crypto Agency conducts forensic investigations.
Pratama Persadha, chairman of Indonesia's Cybersecurity Research Institute, characterized the current cyberattack as the most severe in a series that has affected Indonesian government agencies and businesses since 2017.
Persadha highlighted the extensive disruption to the national data center and the prolonged recovery period, underscoring challenges in managing Indonesia's cyber infrastructure and server systems.
According to Persadha's assessment, a secure backup system capable of automatically assuming control of the national data center's central server during a cyberattack would render ransomware attacks ineffective.
Indonesia's central bank encountered a ransomware attack in 2022, but did not disrupt public services. In 2021, the health ministry's COVID-19 app suffered a breach, exposing the personal data and health information of 1.3 million individuals.
Last year, Dark Tracer, an intelligence platform monitoring cyber threats, disclosed a concerning revelation: the LockBit ransomware group claimed to have accessed and stolen 1.5 terabytes of data from Bank Syariah Indonesia, the country's largest Islamic bank.
Indonesia's recent cyberattack on its national data center has highlighted serious weaknesses in digital security. Despite widespread disruptions to government services, Indonesia has taken a firm stance against cyber extortion by refusing to pay the ransom demanded by hackers.
As efforts to restore operations and investigate the attack continue, this incident is a clear reminder of the ongoing threat of ransomware attacks. Strengthening cybersecurity measures will be essential to protect national data and ensure the reliability of digital services in the future.
