Indonesia Refuses to Pay $8 Million Ransom After Cyberattack Hits National Data Center

Since last Thursday, a cyberattack has disrupted the services of more than 200 government agencies at both national and regional levels, stated Samuel Abrijani Pangerapan, Director General of Informatics Applications with the Communications and Informatics Ministry.

Some government services, such as airport immigration, have been restored, but efforts are ongoing to reinstate other services like investment licensing, Pangerapan told reporters on Monday.

The attackers have held data hostage, demanding an $8 million ransom for access, said Herlan Wijanarko, Director of Network & IT Solutions at PT Telkom Indonesia. He did not provide further details.

Wijanarko mentioned that the company, in collaboration with authorities at home and abroad, is investigating and attempting to break the encryption that has made the data inaccessible.

Communications and Informatics Minister Budi Arie Setiadi confirmed that the government would not pay the ransom. “We have tried our best to recover the data while the team is currently conducting forensics,” Setiadi added.

Hinsa Siburian, head of the cybersecurity agency, reported that they had identified samples of the Lockbit 3.0 ransomware.

Pratama Persadha, Chairman of Indonesia’s Cybersecurity Research Institute, highlighted that this cyberattack was the most severe among a series of ransomware attacks on Indonesian government agencies and companies since 2017. “The disruption to the national data center and the lengthy recovery time indicate that this ransomware attack was extraordinary,” Persadha said. “It reveals that our cyber infrastructure and server systems were not well managed.”

He emphasized that a ransomware attack would have been less impactful if the government had a robust backup system that could automatically take over during a cyberattack.

In 2022, Indonesia’s central bank was targeted by ransomware, but public services were unaffected. In 2021, the health ministry’s COVID-19 app was hacked, compromising the personal data and health status of 1.3 million people.

Last year, Dark Tracer, an intelligence platform monitoring cyber threats, reported that the LockBit ransomware group claimed to have stolen 1.5 terabytes of data from Indonesia’s largest Islamic bank, Bank Syariah Indonesia.