JAKARTA, Indonesia (AP) — Indonesia’s national data center has been compromised by a hacking group demanding an $8 million ransom, which the government says it will not pay.
The cyber attack has disrupted the services of more than 200 government agencies at both national and regional levels since last Thursday, said Samuel Abrijani Pangerapan, director general of informatics applications at the Ministry of Communications and Informatics.
Some government services have returned – immigration services at airports and elsewhere are now functional – but efforts to restore other services such as investment permits continue, Pangerapan told reporters on Monday.
The attackers took data hostage and offered a key for access in exchange for the $8 million ransom, said Herlan Wijanarko, director of network and IT solutions at PT Telkom Indonesia, without giving further details.
Wijanarko said the company, working with authorities at home and abroad, is investigating and trying to break the encryption that made data inaccessible.
Minister of Communications and Informatics Budi Arie Setiadi told journalists that the government will not pay the ransom.
“We have been doing our best to carry out recovery while the (National Cyber and Crypto Agency) is currently conducting forensic investigations,” Setiadi added.
The head of that agency, Hinsa Siburian, said they had detected samples of the Lockbit 3.0 ransomware.
Pratama Persadha, chairman of the Indonesian Cybersecurity Research Institute, said the current cyber attack is the most serious in a series of ransomware attacks that have hit Indonesian government agencies and companies since 2017.
“The disruption to the national data center and the days required to restore the system means that this ransomware attack was extraordinary,” Persadha said. “It shows that our cyber infrastructure and associated server systems were not handled properly.”
He said a ransomware attack would be pointless if the government had a good backup that could automatically take over the main server of the national data center in the event of a cyber attack.
Indonesia’s central bank was attacked by ransomware in 2022, but public services were not affected. The Ministry of Health’s COVID-19 app was hacked in 2021, exposing the personal data and health status of 1.3 million people.
Last year, an intelligence platform that monitors malicious activity in cyberspace, Dark Tracer, revealed that a hacker group known as the LockBit ransomware claimed to have stolen 1.5 terabytes of data controlled by Indonesia’s largest Islamic bank, Bank Syariah Indonesia .
