Indonesia refuses to pay $8 million ransom for attack on its data center that paralyzed key public services

The Indonesian government says it will not give in to ransom demands following a security breach last week that brought key public services – including immigration – to a halt and caused backlogs at Jakarta’s international airport.

The ransomware attack targeted a national data center and has affected more than 200 institutions across the country since June 20, including federal states and several key public services. Some of these services were restored this week, such as visa and residency permit services, immigration control services and passport services.

Indonesia’s National Cyber and Crypto Agency (BSSN) has since revealed that the breach was the result of a ransomware attack called Brain Cipher, the latest variant of LockBit 3.0, according to a report by state news agency Antara on Monday.

The investigation into the attack is ongoing, said BSSN Lieutenant General Hinsa Siburian.

Meanwhile, Budi Arie Setiadi, Minister of Communications and Informatics, said the government would not pay a single cent of the $8 million ransom demanded.

He pointed out that the attack targeted the location of a secondary data center in Surabaya, the capital of East Java province.

The ministry’s director general for applications and informatics, Semuel Abrijani Pangerapan, said his team had managed to isolate the data stored in the affected systems.

In addition, data migration efforts are currently underway to restore public services affected by the breach.

Telkom Indonesia, which is working with the government to investigate the security incident, is trying to crack the data encryption, said Herlan Wijanarko, director of network and IT solutions at the local telco group. He did not provide further details on what this meant, Antara reported.

Pangerapan added that the government is reviewing reconstruction and containment measures to prevent even more widespread impacts.

Various cybersecurity solution providers commented on the breach and emphasized the need for constant monitoring and system recovery.

“This incident underscores the critical importance of continuous monitoring and real-time threat detection to mitigate the impact of such sophisticated attacks,” said Nigel Ng, senior vice president of Asia Pacific at Tenable. “LockBit’s repeated involvement in high-profile attacks around the world demonstrates the evolving threat landscape we all need to be prepared for.”

Kelvin Lim, senior director of security engineering at Synopsys Software Integrity Group, added that threat actors exploiting LockBit often encrypt victims’ data and demand payment to keep the compromised data private.

Lim pointed out that ransom demands are twofold in nature: “One (payment) for decryption of their data and another to prevent the leak of their private data. LockBit threat actors also occasionally employ a third extortion approach, Distributed Denial-of-Service (DDoS), which targets victims’ computers and increases the pressure to pay the ransom.”

Instead of giving in, victims of ransomware attacks should focus their resources on recovering and improving their cybersecurity posture against future attacks, he said.