JAKARTA (Reuters) – Indonesia said it is beginning to recover data that had been encrypted in a major ransomware attack last month which affected more than 160 government agencies.
The attackers identified as Brain Cipher asked for $8 million in ransom to unlock the data before later apologising and releasing the decryption key for free, according to Singapore-based cybersecurity firm StealthMole.
The attack has disrupted multiple government services including immigration and operations at major airports. Indonesian officials have acknowledged that the bulk of the data had not been backed up.
Chief Security Minister Hadi Tjahjanto said in a statement late on Thursday that data for 30 public services overseen by 12 ministries had been recovered using a “decryption strategy” without elaborating.
“The communications ministry is using a decryption strategy to recover services or assets from ministries, state agencies, and the regional governments that are affected. We are handling this gradually,” the statement said.
It was not immediately clear if the government had used Brain Cipher’s decryption key. Hadi and Communications Minister Budi Arie Setiadi did not immediately respond to requests for comment.
Ransomware attackers use software to encrypt data and demand payment from victims to restore the data. Indonesia has said this attack used malicious software called Lockbit 3.0.
(Reporting by Ananda Teresia; Editing by Edwina Gibbs)