Indonesia Rejects $8 Million Ransom Demand After Data Center Hack

Indonesia’s national data center has been compromised by a hacking group, which has demanded an $8 million ransom. The government has stated that it will not pay the ransom.

The attack, which began last Thursday, has disrupted services for over 200 government agencies at both the national and regional levels, according to Samuel Abrijani Pangerapan, director general of informatics applications at the Communications and Informatics Ministry.

While some government services have been restored, including immigration services at airports, efforts are ongoing to restore other services such as investment licensing, Pangerapan said on Monday.

The attackers have encrypted data and offered a decryption key in exchange for the ransom, said Herlan Wijanarko, director of network & IT solutions at PT Telkom Indonesia, without disclosing further details.

Wijanarko stated that the company, in collaboration with domestic and international authorities, is investigating the attack and attempting to break the encryption that has rendered the data inaccessible.

Communications and Informatics Minister Budi Arie Setiadi has confirmed that the government will not pay the ransom.

“We have done our best to recover the system while the (National Cyber and Crypto Agency) is currently conducting forensic analysis,” Setiadi added.

Hinsa Siburian, head of the National Cyber and Crypto Agency, has identified the ransomware used in the attack as Lockbit 3.0.

Pratama Persadha, chairman of Indonesia’s Cybersecurity Research Institute, has described the current cyberattack as the most severe in a series of ransomware attacks targeting Indonesian government agencies and companies since 2017.

“The disruption to the national data center and the days it took to recover the system indicate that this ransomware attack was extraordinary,” Persadha said. “It reveals that our cyber infrastructure and server systems were not adequately managed.”

He emphasized that a ransomware attack would be inconsequential if there was a robust backup system that could automatically take over the main server of the national data center during a cyberattack.

Indonesia’s central bank experienced a ransomware attack in 2022, but public services were not affected. In 2021, the health ministry’s COVID-19 app was hacked, exposing the personal data and health status of 1.3 million people.

Last year, Dark Tracer, an intelligence platform that monitors malicious activities in cyberspace, revealed that the LockBit ransomware had claimed to have stolen 1.5 terabytes of data managed by Bank Syariah Indonesia, Indonesia’s largest Islamic bank.

ant