Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Ransomware attack behind massive disruption in Indonesia’s national data centre
Cyber Security

Ransomware attack behind massive disruption in Indonesia’s national data centre

AdminBy AdminJuly 7, 2024No Comments4 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


June 25, 2024

JAKARTA – The government announced on Monday that a cyberattack using a new variant of ransomware was responsible for data disruptions at two temporary National Data Center (PDN) facilities last week that crippled immigration processing at airports and disrupted other public services, adding that the attackers had demanded US$8 million in ransom.

The data failure at the facility in Surabaya, East Java, was first reported on Thursday morning and impacted databases managed by more than 200 central government and regional institutions.

As of Monday, the government was still trying to restore the affected public services across the country, although all immigration services, including passport and visa-on-arrival processing, were running normally.

National Cyber and Crypto Agency (BSSN) head Hinsa Siburian said digital forensic investigators found that unnamed attackers had used a new variant of existing malicious software Lockbit 3.0.

“The ransomware’s name is Brain Cipher. It is an updated, new variant of the LockBit 3.0 ransomware,” Hinsa told a press briefing on Monday at the Communications and Information Ministry.

LockBit 3.0 is ransomware that blocks user access to computer systems and is often used by hacker group LockBit to digitally extort its victims.

Many of the details of the case remain uncertain, including who was responsible for the attack and what the motives were.

The Communications and Information Ministry has been temporarily storing data at the two facilities in Surabaya and Jakarta while new data centers are being built to integrate data from government bodies at the central and regional levels. The temporary facilities are operated by Telkomsigma, a subsidiary of publicly listed state-owned telecommunications company PT Telkom Indonesia.

The attackers, Telkom director for network and IT solutions Herlan Wijanarko said, had asked for $8 million in ransom.

But the ministry’s informatics applications director general, Semuel Abrijani Pangerapan, said the government “cannot not reveal much about the case because the forensic investigation is not finished yet”.

While he did not say whether the cyberattack was connected to an another alleged data breach targeting state-owned sharia bank Bank Syariah Indonesia (BSI) last year, Semuel noted that the ransomware used in the two incidents was “similar but different in terms of variants”.

The LockBit group claimed at the time to have stolen the BSI data using LockBit 3.0.

The Thursday incident also happened around the same time the BSSN found that data, allegedly stolen from the National Police’s Indonesia Automatic Fingerprint Identification System (INAFIS), was being offered for sale on the dark web.

But the BSSN said the fingerprint data incident had nothing to do with the cyberattack on the national data center and that the police had determined that there had no breach in their system.

Concerns remain

A total of 210 databases of central and regional government agencies were impacted by the attack, including the immigration system at Soekarno-Hatta International Airport in Tangerang, Banten, which went down on Thursday, forcing immigration officers to perform manual checks and resulting in long waits for travelers.

The immigration and the Maritime Affairs and Investment Ministry had restored their services by Monday. The system for the city of Kediri was also back online, Semuel said, but plenty of others were still in the recovery process.

“We’re in the process of migrating data for the remaining affected institutions. The recovery process hinges on swift coordination between government agencies and their cloud service providers,” he said.

Cybersecurity expert Ardi Sutedja said the government had failed to ensure the highest security standards for national digital infrastructure.

“Seeing the incident’s scale, this is not just a technical disruption anymore, it’s a massive disaster,” Ardi told The Jakarta Post.

He said the days-long recovery was a cause for concern because a standard recovery for a digital incident should be no more than 24 hours.

“Many aspects need to be evaluated, from the planning of the national data center to its human resources,” he said.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Indonesia ransomware attack disrupts digital services, govt rejects $8M demand

July 30, 2024

Indonesia’s Crypto Exchange Platform Appears Gemilang

July 29, 2024

Indonesia says it has begun recovering data after major ransomware attack | The Mighty 790 KFGO

July 28, 2024

Brain Cipher Released Decryption Keys, Apologies to Indonesia

July 27, 2024

Asia Pacific Internet Community in Bali; Discusses Recent Attack on Indonesia’s National Data Center

July 26, 2024

Indonesia Ranked 10th as Most Targeted for Cyber Attacks, Communication Minister Says

July 26, 2024
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.