Indonesia’s Temporary National Data Centre, Pusat Data Nasional (PDN), operated by the Indonesian Ministry of Communication and Information Technology (Kominfo), is reeling under a ransomware attack on its facility, which supports the operations of over 200 Indonesian government agencies and public services.
The hackers have demanded a US$8 million (S$10 million) ransom, which the Indonesian government has decided to refuse, according to sources.
The head of the National Cyber and Crypto Agency (BSSN), Hinsa Siburian, said the facility was attacked by Brain Cipher, the latest variant of LockBit 3.0 ransomware.
He added that the agency noticed malicious activities on June 20, including installing malicious files, deleting important file systems, and disabling running services.
“Files related to storage, such as VSS, HyperV Volume, VirtualDisk, and Veeam vPower NFS began to crash,” Siburian said.
“We are still investigating the forensic evidence obtained… this will be a lesson for us to strengthen mitigation so that similar incidents do not recur in the future,” he added.
The BSSN is investigating the breach along with the Indonesian cyber police force, the Communications Ministry, Telkom Indonesia and IT firms Telkomsigma and Lintasarta.
Service disruptions
The ministry said around 210 databases belonging to central government and regional administration institutions were impacted by the attack.
Immigration inspection services and auto gates at immigration checkpoints at Soekarno Hatta International Airport, Juanda International Airport, Kualanamu International Airport, Hang Nadim International Airport, and Batam and Nongsa International Ports went down on June 20.
Licensing services at the Coordinating Ministry for Maritime Affairs and Investment and digital services at the National Public Procurement Agency (LKPP) were also disrupted.
Relocation
In response to the cyber incident, Indonesian Minister of Law and Human Rights Yasonna Laoly confirmed that immigration data has been relocated to a private cloud, Amazon Web Services, after the PDN showed no positive signs of recovery.
Director General of Immigration Silmy Karim said, “Generally, technical problems can be resolved in 1 hour to 3 hours. When it has exceeded 6 hours, we conclude that there must be more of an attack than a technical problem.”
Karim added that problems caused by cyber attacks usually take quite a long time to resolve, which is why they relocated the data centre to restore public services.
As of June 24, immigration offices, the Maritime office and the city of Kediri in East Java have had their access to the databases restored and have resumed public services.
Indonesia was working on building four national data centres to support the government’s digital initiatives. The country has begun operations of two temporary national data centres in Jakarta and Surabaya. The PDN in Surabaya is now believed to be affected by the ransomware attack.