A cyber attack in Indonesia that’s been called the worst in years exposed a critical mistake in the country’s information technology policy. Almost none of the data in one of the two data centers hit by the ransomware attack is backed up, meaning it cannot be restored other than by decrypting the affected servers’ storage systems.
The attack happened on June 20, when a “non-state actor” compromised Indonesia’s Temporary National Data Center (PDNS) using a variant of the LockBit 3.0 malware called Brain Cipher. This software not only extracts sensitive data but also encrypts it on the servers. The attacker has demanded a ransom of $8 million, which the government says it does not intend to pay.
The attack affected over 230 public agencies in Indonesia, including ministries, and severely disrupted several critical national services. These included important government services such as immigration and operations at major airports.
After the impact became clear, Indonesian President Joko Widodo ordered an audit of the country’s data centers. Muhammad Yusuf Ateh, who leads Indonesia’s Development and Finance Controller (BPKP), said the audit would cover “governance and the financial aspect” of the cyberattack.
An official from Indonesia’s cyber security agency told Reuters that 98% of the government data stored in one of the two compromised data centers had not been backed up. While the data center had the backup capacity to store the data, it wasn’t required. Many government agencies did not use the backup service because of budget constraints.
Since then, some have called for Budi Arie Setiadi, Indonesia’s communications director, to resign his post. Setiadi’s ministry is responsible for running the data centers. Setiadi, they say, has failed to take responsibility for multiple cyber attacks on the nation.
The commission chair investigating the incident, Meutya Hafid, said, “If there is no back up, that’s not a lack of governance. That’s stupidity.”
Indonesian authorities say they are trying to decrypt the data themselves. The team expects to have all government services fully restored by August.