A number of government services across Indonesia have been disrupted after a threat actor breached the country’s national data centre.
Hackers using a new variant of the LockBit 3.0 ransomware called Brain Cipher encrypted Indonesia’s Temporary National Data Centre, leaving a number of services, including immigration checks and airport services, facing issues since 20 June, according to the National Cyber and Crypto Agency (BSSN) of the Republic of Indonesia.
“The results of our identification of the obstacles that occurred at the Temporary National Data Center were due to a cyber attack of the ransomware type,” said BSSN chief Hinsa Siburian.
The data centre branch affected was located in Surabaya rather than in Jakarta, according to CNBC Indonesia.
Hinsa added that on 17 June, there were attempts to deactivate Windows Defender and that on 20 June, malicious activity, including the deployment of malware, occurred.
“It was discovered that on June 20, 2024, at 00.55 WIB, Windows Defender experienced a crash and could not operate,” he said.
According to media reports, at least 210 local services were affected by the incident.
The disruptions caused long lines of people waiting at immigration desks at airports. Since then, these services have been mostly restored, and sensitive data has been moved to cloud storage.
Additionally, other services such as online university and school enrolment were disrupted, leading the government to extend the registration period.
The threat actor demanded a US$8 million ransom for the restoration of Indonesia’s systems, according to the country’s Minister for Communication and Information Technology, Budi Arie Setiadi.
Despite major services being disrupted, Setiadi has said that the ransom will not be paid, according to media reports.
“We have tried our best to carry out recovery while the (National Cyber and Crypto Agency) is currently carrying out forensics,” he said.
The attack on Indonesia’s National Data Centre is just one of many cyber attacks by LockBit in recent months. The group just this week claimed an attack on the US Federal Reserve.
The threat group listed the US central banking system on its site on 23 June, claiming to have exfiltrated 33 terabytes of “juicy banking information containing American’s banking secrets”.
“Federal banking is the term for the way the Federal Reserve of the United States distributes its money,” LockBit said.
“The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts.
“The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco.”
It also implied that ransom negotiations with the Federal Reserve had begun and that it was unhappy with the ransom offers made so far.
“You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” LockBit said.
Despite the big claims, the prolific ransomware gang failed to publish any Federal Reserve data. Instead, it published data allegedly belonging to Evolve Bank & Trust (Evolve), an organisation a US Federal Reserve board called out earlier this month.
Daniel Croft