Indonesia Gov Faces Cyberattack, Refuses to Pay Ransom

Indonesia’s national data center has been compromised by a hacking group demanding an $8 million ransom, disrupting services for over 200 government agencies. The cyberattack involved ransomware and began on June 20, causing significant disruption at both national and regional levels of administration. While some services, such as immigration at airports, have been restored, others, like investment licensing, remain inaccessible.

"We have tried our best to carry out recovery while the (National Cyber and Crypto Agency) is currently carrying out forensics," said Communication and Informatics Minister Budi Arie Setiadi, according to The Independent. Authorities, including PT Telkom Indonesia, are collaborating with domestic and international experts to investigate the attack and break the encryption that has locked the data.

The hacking group behind the attack used Lockbit 3.0 ransomware, a sophisticated form of malware that has caused similar disruptions globally. Herlan Wijanarko, director of network and IT solutions at PT Telkom Indonesia, mentioned that the attackers had held data hostage, offering a decryption key in exchange for the ransom. However, Setiadi reiterated the government's firm stance against paying ransoms to cybercriminals, emphasizing their focus on recovery and forensic analysis.

The severity of this attack has raised concerns about Indonesia's cybersecurity infrastructure. Pratama Persadha, Chairman of Indonesia’s Cybersecurity Research Institute, described this incident as the most severe in a series of ransomware attacks that have targeted Indonesian government agencies and companies since 2017.

"The disruption to the national data center and the days-long effort needed to recover the system means this ransomware attack was extraordinary," Persadha said to ABC News. He highlighted the inadequacies in Indonesia’s cyber defenses and suggested that a more robust backup system could have mitigated the impact.

This incident is not isolated, as Indonesia has faced multiple significant cyberattacks in recent years. In 2022, the central bank was targeted by ransomware, and in 2021, the health ministry's COVID-19 app was hacked, exposing the personal data and health status of 1.3 million people.

Dark Tracer, an intelligence platform, also revealed last year that the LockBit ransomware group had claimed to have stolen 1.5 terabytes of data from Indonesia’s largest Islamic bank, Bank Syariah Indonesia. As Indonesia grapples with the aftermath of this attack, the government's refusal to pay the ransom sets a precedent in dealing with cybercriminals.