A cybercrime group is demanding $8 million after compromising Indonesia’s national data center — an amount the government is refusing to pay.
More than 200 government agencies have been disrupted by the cyberattack since June 20, according to Samuel Abrijani Pangerapan, director general of informatics applications with the Communications and Informatics Ministry. He told the Associated Press that these agencies are at both the regional and national levels, and though some of them have returned to operations (such as immigration at airports), others are still not yet operational.
According to Herlan Wijanarko, Indonesia’s director of network and IT solutions, the threat actors are holding data hostage and offering a key to access the information in exchange for the $8 million ransom.
Communication and Informatics Minister Budi Arie Setiadi, however, told the AP that the government will not pay the ransom. Instead the National Cyber and Crypto Agency is carrying out forensics as the center does its best to recover from the attack.
The head of the crypto agency also noted that it detected a sample of LockBit 3.0 ransomware.
“The disruption to the national data center and days-long needed to recover the system means this ransomware attack was extraordinary,” said Pratama Persadha, Indonesia’s Cybersecurity Research Institute chairman. “It shows that our cyber infrastructure and its server systems were not being handled well.”
This is the most severe cyberattack on the country’s government agencies and companies since 2017.