Indonesia Hit By Cyberattack: Majority Of Data Not Backed Up, Officials Confirm

Indonesia experienced a significant cyberattack impacting more than 230 public agencies, including key ministries, resulting in service disruptions across sectors like immigration and operations at major airports. The attackers demanded an $8 million ransom for encrypted data, but the government opted against payment. 

The recent ransomware cyberattack on Indonesia’s National Data Center has had far-reaching consequences, significantly affecting society and communities across the nation. The attack, which occurred on June 20, 2024, is one of the most severe cyber incidents in the country’s history, disrupting essential government services and exposing critical vulnerabilities in Indonesia’s digital infrastructure. It has impacted over 230 public agencies, including ministries and major airports, and has rendered key government data inaccessible.

The cyberattack targeted the National Data Center managed by Indonesia’s Ministry of Communication and Information Technology (Kominfo), utilising a sophisticated ransomware variant identified as LockBit 3.0. This attack has crippled essential services, particularly immigration processing and operations at major airports, causing significant delays and disruptions.

Impact on Public Trust and Safety

One of the most significant impacts of this cyberattack is the erosion of public trust in government institutions. The revelation that 98% of the data stored in one of the compromised data centres is not backed up highlights severe deficiencies in digital governance and data management practices. This lack of preparedness not only disrupts daily operations but also raises concerns about the safety and reliability of government services.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, comments, “It is quite alarming, but unfortunately not very surprising to hear that a significant portion of critical data wasn’t backed up. It’s a fundamental oversight which speaks volumes about the cybersecurity culture of the organisation. It’s essential that governments and organisations alike adopt a more robust approach to cybersecurity, encompassing regular data backups, ransomware protection measures, and comprehensive incident response plans.”

“Furthermore, this situation highlights the critical necessity for ongoing education and awareness programs about cybersecurity risks and best practices, at all levels of government and across sectors. Investing in cybersecurity is not merely an IT issue but a strategy that safeguards national security, economic stability, and the general public”, he added.

Government Response and Recovery Efforts

Despite the attackers demanding an $8 million ransom, the Indonesian government has refused to pay. Efforts are currently underway to restore services, with temporary measures such as migrating immigration-related activities to Amazon Web Services (AWS). The government aims to restore services by August 2024 fully.

Communications Minister Budi Arie Setiadi acknowledged the need for improved cybersecurity measures and announced plans to make data backup mandatory for all government agencies. This response comes amidst growing public outcry and calls for the minister’s resignation, led by digital advocacy group SAFEnet.

Erfan Shadabi, a cybersecurity expert at Comforte AG, underscores the importance of data security, stating, “The unfortunate exposure of personal data for which the Indonesian government is responsible for care-taking should remind every organisation to rethink their data security and storage. A better course of action is to prepare for such eventualities with robust recovery capabilities (tools and processes) combined with proactive data-centric protection.”

Broader Implications and Future Measures

The attack highlights the pressing need for strong cybersecurity protocols in Indonesia. The temporary data centres, currently in use due to the ongoing construction of permanent facilities, were not adequately equipped to withstand such sophisticated attacks. This incident underscores the importance of integrating comprehensive digital security measures and ensuring that all critical data is backed up and protected.

As investigations continue, the government is focused on enhancing its cyber defences to prevent future incidents and mitigate the impact of such attacks. Cybersecurity experts stress the need for thorough evaluations of current systems and the implementation of stringent security standards. 

This incident serves as a stark reminder of the pivotal role cybersecurity plays in safeguarding societal functions and underscores the imperative for proactive measures to protect critical infrastructure and citizen data.