Jul 01, 2024 12:14:00

Indonesian government refuses to pay $13 million ransom for data after ransomware attack

The Indonesian National Data Center (PDN) under the Ministry of Communications and Information Technology was attacked by ransomware on June 20, 2024. The attackers are demanding 131 billion rupiah (approximately 1.28 billion yen) as a ransom for the encrypted data. However, the Indonesian government has told reporters that it will reject this demand.

Airports, Student Aid Services Struck by Indonesian Cyber Attack - Bloomberg

https://www.bloomberg.com/news/articles/2024-06-28/airports-to-scholarships-crippled-in-indonesian-cyber-attack

Indonesia won't pay an $8 million ransom after a cyberattack compromised its national data center | AP News

https://apnews.com/article/indonesia-ransomware-attack-national-data-center-213c14c6cc69d7b66815e58478f64cee

Indonesia president orders audit of data centres after cyberattack | Reuters
https://www.reuters.com/technology/cybersecurity/bulk-indonesia-data-hit-by-cyberattack-not-backed-up-officials-say-2024-06-28/

The incident began on June 20, 2024, when PDN in Surabaya, Java, was attacked by ransomware called 'Brain Cipher,' an improved version of 'LockBit 3.0.'

Indonesia's national data center hit by ransomware attack demanding more than 1.2 billion yen - GIGAZINE

According to Lt. Gen. Hinsa Sibrian, head of the Indonesian National Cyber and Crypto Agency (BSSN), the attack affected the Immigration Bureau's online services as well as student scholarship programs. The Indonesian government also announced that 'more than 230 public institutions, including ministries, were affected by the attack.'

The attackers are demanding a ransom of 131 billion rupiah from the Indonesian government to access the encrypted data. However, Budi Ali Setiadi, the Minister of Communications and Information, told reporters, 'The Indonesian government will never pay the ransom.'

At the time of writing, the Indonesian government is working with domestic and international authorities to investigate and recover data encrypted by the attackers. However, according to Mr. Sibrian, about 98% of the government data stored in the data center that was breached this time was not backed up. Therefore, it is necessary to recollect the data, and it is expected that the task of recovering the encrypted data will be difficult.

'The Ministry of Communications and Information has the ability to create backups of data in the data center, but using this ability is entirely optional. Until now, we have not been able to back up data due to budgetary constraints, but from now on, creating backups will be mandatory,' said Budi.

There are also voices calling for Budi to take responsibility for the series of incidents, and the digital rights group SAFEnet has been holding protests calling for Budi's resignation, citing a 'lack of awareness of the danger posed by repeated cyber attacks.' There are also voices on social media saying, 'In a decent country, such cyber attacks would be considered a matter of national sovereignty, and at the very least, the ministers involved would be fired or resign.'

Budi told Reuters, an international media outlet, that he would continue to remain in the government as a cabinet minister. He also said, 'We believe that financially motivated 'non-state actors' are behind the attacks, and we aim to fully restore government services by August 2024.' In addition, President Joko Widodo has issued an order to 'investigate data centers across the country.'