A ransomware attack on Indonesia’s national data center has disrupted official government services. The attack has reportedly affected more than 200 government agencies at national and regional levels, and the threat actors claiming responsibility have demanded a ransom of $8 million for a restoration of these systems.
A senior official has reported that the government has refused to pay the ransom, instead focusing on restoring services and trying to identify the attackers.
Authorities Have Detected Samples of LockBit 3.0 Ransomware
Samuel Abrijani Pangerapan, director general of informatics applications at the Communications and Informatics Ministry, confirmed that essential services like immigration checks at airports had been disrupted. Long lines were formed at affected airports after automated passport machines were rendered useless.
While some of these services have been restored, including the government’s immigration services, ongoing efforts are aimed at restoring other critical operations, such as investment licensing. Samuel stated, “We have tried our best to carry out recovery while the (National Cyber and Crypto Agency) is currently carrying out forensics.”
The National Cyber and Crypto Agency has detected samples of LockBit 3.0 ransomware, a variant known for encrypting victims’ data and demanding payment for its release. PT Telkom Indonesia, an Indonesian multinational telecommunications company, is working with domestic and international authorities and leading the efforts to efforts to break the encryption and restore access to the compromised data.
Herlan Wijanarko, the company’s director of network & IT solutions, confirmed that the attackers had offered a decryption key in exchange for an $8 million ransom.
Experts Concerned About Indonesia Government Infrastructure Security
Cybersecurity experts warn that the severity of the attack highlights significant vulnerabilities in the government’s digital infrastructure and incident response capabilities.
Cybersecurity expert Teguh Aprianto described the latest attack as “severe” and notes that it highlights the need for improved infrastructure, manpower, and vendor management to prevent such attacks in the future.
Teguh stated, “It shows that the government infrastructure, manpower handling this and the vendors are all problematic.”
In recent years, Indonesia has faced a series of high-profile cyber attacks, including a ransomware attack on its central bank and a data breach at its largest Islamic lender. The consequences of these attacks can be severe, with victims often forced to pay large sums to regain access to their data.
Last year, the LockBit ransomware gang claimed responsibility for an attack on the Bank Syariah Indonesia. Sensitive information of over 15 million individuals had been stolen in the attack, affecting both customers and employees.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.